Claus v. Wolfhausen
2009-12-17 11:49:30 UTC
People often try to discuss incredible sounding stories as an excuse why
their system does backscatter.
I give therefore following public advice how to stay off the
Backscatterer blocklist.
1. Do not use Sender-callouts aka Sender Verify aka SAV.
2. Reject emails to not existing users at your local domains.
Every MX must have knowledge of valid recipients.
3. Reject emails from your users claiming to be NULL SENDER or
postmaster in MAIL FROM.
4. Tempfail (45X Error) instead of accepting on forwarding situations,
if the destination system is not available.
5. Install an "emergency brake" at your gateway for that seldom cases,
that might still generate accidental backscatter.
There are 2 very easy ways to install such an "emergency brake" to
ensure your system can *NEVER* backscatter:
Possibility 1: Set your gateway to readdress all emails claiming to be
NULL SENDER or postmaster in MAIL FROM which are not addressed to your
authenticated users to the local postmaster.
Possibility 2: Set your gateway to readdress all emails claiming to be
NULL SENDER or postmaster in MAIL FROM which are not addressed to your
authenticated users to /dev/null.
It is really that easy.
If you follow my advice, then your system can *NEVER* get listed at
ips.backscatterer.org
Q.E.D.
--
Claus von Wolfhausen
Technical Director
UCEPROTECT-Network
http://www.uceprotect.net
their system does backscatter.
I give therefore following public advice how to stay off the
Backscatterer blocklist.
1. Do not use Sender-callouts aka Sender Verify aka SAV.
2. Reject emails to not existing users at your local domains.
Every MX must have knowledge of valid recipients.
3. Reject emails from your users claiming to be NULL SENDER or
postmaster in MAIL FROM.
4. Tempfail (45X Error) instead of accepting on forwarding situations,
if the destination system is not available.
5. Install an "emergency brake" at your gateway for that seldom cases,
that might still generate accidental backscatter.
There are 2 very easy ways to install such an "emergency brake" to
ensure your system can *NEVER* backscatter:
Possibility 1: Set your gateway to readdress all emails claiming to be
NULL SENDER or postmaster in MAIL FROM which are not addressed to your
authenticated users to the local postmaster.
Possibility 2: Set your gateway to readdress all emails claiming to be
NULL SENDER or postmaster in MAIL FROM which are not addressed to your
authenticated users to /dev/null.
It is really that easy.
If you follow my advice, then your system can *NEVER* get listed at
ips.backscatterer.org
Q.E.D.
--
Claus von Wolfhausen
Technical Director
UCEPROTECT-Network
http://www.uceprotect.net
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.