Results 1 to 7 of 7

Thread: backscatter antispam

  1. #1
    maumar is offline Elite Member
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    341
    Rep Power
    8

    Default backscatter antispam

    i read on Backscatterer.org powered by UCEPROTECT
    that i need to use 550 as return code for unknown user
    zimbra use 450 as postifx default

    Postfix Configuration Parameters
    "unverified_recipient_reject_code (default: 450)
    The numerical Postfix SMTP server response when a recipient address is rejected by the reject_unverified_recipient restriction.
    Unlike elsewhere in Postfix, you can specify 250 in order to accept the address anyway.
    Do not change this unless you have a complete understanding of RFC 821. "

    do u suggest me to change it?
    what your opinion?
    which files should i change?
    ./zimbra/postfix-2.2.9/conf/main.cf.default
    ./zimbra/postfix-2.2.9/conf/main.cf

    TIA

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    You can modify zmmta.cf and change smtpd_reject_unlisted_recipient from 'no' to 'yes' then restart postfix, that will reject them. You will need to make that change every time you upgrade Zimbra as that setting does not persist.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    maumar is offline Elite Member
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    341
    Rep Power
    8

    Default imho 550 is better than 450

    Quote Originally Posted by phoenix View Post
    You can modify zmmta.cf and change smtpd_reject_unlisted_recipient from 'no' to 'yes' then restart postfix, that will reject them. You will need to make that change every time you upgrade Zimbra as that setting does not persist.
    i have a mailgw on front of zimbra, and when it does try to deliver to a unknown zimbra account, zimbra reply with 450
    so mailq into mailgw does show:

    6B29A37E73 7969 Thu Oct 4 10:20:08 newsletter@finanza.com
    (host 85.18.70.164[85.18.70.164] said: 450 <xxxx@fbs.it>: Recipient address rejected: undeliverable address: fbs.it (in reply to RCPT TO command))

    if zimbra could reply 550, mailgw would not queue 450 reply
    definitly better, imho

    do u suggest to let 450 or to change it into 550?
    where i can change it?
    Last edited by maumar; 10-04-2007 at 04:07 AM.

  4. #4
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    unknown_local_recipient_reject_code = 550

  5. #5
    maumar is offline Elite Member
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    341
    Rep Power
    8

    Default

    Quote Originally Posted by mmorse View Post
    unknown_local_recipient_reject_code = 550
    true, i should use
    unknown_local_recipient_reject_code
    instead of
    unverified_recipient_reject_code
    so only mail incoming (and not outgoing) get this code

    thnx ....and, btw, where should i add it:
    /opt/zimbra/postfix-2.2.9/conf/main.cf.default
    /opt/zimbra/postfix-2.2.9/conf/main.cf
    /opt/zimbra/conf/zmmta.cf
    TIA

  6. #6
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    zmmta should be fine
    -though you could upgrade to 4.5.7 first so you don't have to do this all over again

    unverified takes on different meanings in smtpd_recipient_restrictions & smtpd_sender_restrictions - and people tend to forget to list which their using if for when they talk about it....

    + many people confuse smtpd_reject_unlisted_recipient (as you set above) vs smtpd_reject_unlisted_sender

    The 450 vs 550 thing-because of a few remaining limitations, the postfix versions have gone back and forth on setting it to 550 by default with varying arguments for different RFC's & tolerances, especially when multi-MTA setups come into play.

    The best situation would be to put an access list on that gateway.
    -Of course I don't know how easy that is for you (If it's even possible on that gateway & if it's too much work to sync vs manually write changes. etc).

    I would suggest you try 550 on unlisted/unknown first. If that doesn't solve it, then unverified when you are confident in your address mappings (& of course when you can monitoring closely).

    As you can see both deal with mail from & rcpt to so it's confusing to most people:

    reject_unlisted_recipient rejects the request when the RCPT TO address is not listed in the list of valid recipients for its domain class.
    ties into unknown_local_recipient_reject_code parameter

    reject_unverified_recipient rejects the request when mail to the RCPT TO address is known to bounce, or when the recipient address destination is not reachable. Address verification information is managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details.
    ties into the unverified_recipient_reject_code parameter (default: 450, change into 550 when you are confident that it is safe to do so).
    Last edited by mmorse; 10-04-2007 at 01:30 PM.

  7. #7
    gvocom is offline Active Member
    Join Date
    Apr 2010
    Posts
    30
    Rep Power
    5

    Default

    This is very interesting I would like to know what other option in postfix there are with zimbra that will allow a more granular control over reject and bounce codes. I have a lot of weirdness with this zimbra installation as a former exim guru, for some reason I cannot seem to stop the backscatter and am nowe black listed beause of it.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 3
    Last Post: 08-27-2007, 10:06 AM
  2. Replies: 2
    Last Post: 06-19-2007, 08:45 PM
  3. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 03:56 AM
  4. antispam not working?
    By moebis in forum Installation
    Replies: 16
    Last Post: 12-03-2005, 08:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •