1

Topic: Preventing backscatter failed deliveries for error 553 5.7.1

======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.0
- Linux/BSD distribution name and version: CentOS 6.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

If I spoof an email from an unauthorized mail server (for testing purposes) the legitimate user will get a failed delivery report:

victim@legitdomain.com
x.x.x.x #<x.x.x.x #5.7.1 smtp; 553 5.7.1 <victim@legitdomain.com>: Sender address rejected: not logged in> #SMTP#

I'm trying to prevent these from happening to our users (currently one user gets these backscatter emails on a daily basis). I have tried adding "reject_authenticated_sender_login_mismatch" and "reject_unauthenticated_sender_login_mismatch" to smtpd_recipient_restrictions in /etc/postfix/main.cf but it had no effect.

I have read this: http://www.postfix.org/BACKSCATTER_README.html#real but would like to know if there is a simple configuration that can be changed to stop the failed deliveries from being sent out since that type of error will likely be spoofed spam.

Thanks for any help!

Luke


2

Re: Preventing backscatter failed deliveries for error 553 5.7.1

I personally think this is the easiest: http://www.postfix.org/BACKSCATTER_README.html#real
it gets the point: mail header.

3 (edited by lhiggs 2015-10-22 01:26:29)

Re: Preventing backscatter failed deliveries for error 553 5.7.1

The problem with those methods is that they will only work if you know who is spoofing you. I added a header check with this regular expression, which will match anything not my.email.server.com, but it blocks legit email too, because of other lines in the header I presume:

/^Received: from (?:(?!my\.email\.server\.com).)*$/
   reject forged email

This regex is effective at blocking my test mail server but I'm not going to know who will try to spoof emails:

/^Received: +from +(mx\.spamserver\.com) +/
    reject forged email

What I really need is a way to NOT send a bounce message on 553 5.7.1 Sender address rejected: not logged in errors. Is that possible? I've not really found any useful info via google.

4

Re: Preventing backscatter failed deliveries for error 553 5.7.1

I'm afraid that you misunderstood the hostname used in header check. It's your server hostname, not sender's.

About the "Sender address rejected: not logged in" error, it's explained in this document:
http://www.iredmail.org/docs/errors.htm … -logged-in

If the sender domain is hosted on YOUR server, all emails sent by 'someone@[your_domain]' are forced to perform smtp authentication for sending email.
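
To illustrate the exchange in posts 3 and 4 (an added example, not code from the thread or from iRedMail): this Python sketch applies the negated pattern from post 3, and the same rule shape carrying the server's own hostname as post 4 describes, to constructed Received: lines. The sample headers, addresses and the `check` helper are assumptions made up for the demonstration.

```python
import re

# Pattern from post 3: matches a Received: line that does NOT contain the
# server's hostname anywhere (my.email.server.com is the thread's placeholder).
NEGATED = re.compile(r"^Received: from (?:(?!my\.email\.server\.com).)*$", re.I)

# Rule shape from post 3's second pattern, but carrying the server's OWN
# hostname in the "from" position, which is the reading post 4 gives.
OWN_NAME = re.compile(r"^Received: +from +(my\.email\.server\.com) +", re.I)


def check(headers, pattern):
    """Test each header line on its own, the way a header_checks rule is
    applied; return ("REJECT", line) on the first hit, else ("DUNNO", None)."""
    for line in headers:
        if pattern.search(line):
            return ("REJECT", line)
    return ("DUNNO", None)


# Constructed sample: ordinary inbound mail relayed by another organisation.
LEGIT = [
    "Received: from mail-out.example.org (mail-out.example.org [192.0.2.10])"
    " by my.email.server.com (Postfix) with ESMTP id 4A1B2C3D",
    "Received: from desk7.example.org (unknown [198.51.100.4])"
    " by mail-out.example.org (Postfix) with ESMTPSA id 9F8E7D6C",
]

# Constructed sample: headers of a spoofed message in which the sending
# client claimed to be this server; the address shows it was not.
FORGED = [
    "Received: from my.email.server.com (unknown [203.0.113.7])"
    " by mx.remote.example (Postfix) with SMTP id 1122AABB",
]

if __name__ == "__main__":
    for name, sample in (("legit", LEGIT), ("forged", FORGED)):
        print(name, "negated:", check(sample, NEGATED)[0],
              "own-name:", check(sample, OWN_NAME)[0])
```

The negated pattern rejects the legitimate message on its upstream hop and lets the forged line through, while the own-hostname rule does the reverse.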