Preventing backscatter

Discussion in 'E-mail Discussions' started by shpanda, Dec 8, 2015.

  1. shpanda

    shpanda Registered

    There are a number of articles about this already but I've spent several days going through them and I can't find a definitive answer that works for us. cPanel is sending bounce emails to forged FROM addresses. I can't enable hard SPF checks because we'd lose genuine mail. I have enabled other incoming and outgoing spam checks, disabled sender callouts, removed forwarders and removed the content of bounced messages from the bounce messages.

    I can't find a definitive answer for how to fail incoming messages to nonexistent accounts at the SMTP level. I saw this and similar articles: cPanel & WHM with Exim SMTP Setup but adding the following 3 lines breaks Exim:

    endpass
    message = unknown user
    verify = recipient


    This is mostly about the Backscatterer extortion list.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Have you considered using the Greylisting feature available in cPanel since version 11.50? It's documented at:

    Greylisting - Documentation - cPanel Documentation

    This might be a suitable alternative to help prevent SPAM, while reducing backscatter.

    Thank you.
     
  3. shpanda

    shpanda Registered

    Thanks, Michael. This doesn't get to the root of the problem though - can we verify that an address exists on the server during the SMTP connection and reject mail at that point if the address doesn't exist?
     
  4. keat63

    keat63 Well-Known Member

    I'm of the understanding that SPF will check that the sending server has authority to send for that domain, but there are no checks to verify that the actual email account exists.

    Also, I'm not even convinced that Greylisting would eradicate it completely.
    I thought the whole point of Greylisting was for the sending server to verify itself by having to send a retry before the mail was released. So even if someone spoofed an email address, the sending server could potentially retry anyway, negating Greylisting.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    SPF verification is the best option to prevent forged headers, but since that's blocking legitimate mail on your system, then Greylisting is the next best alternative. It's uncommon for a server that's sending SPAM to make the retry attempts after the initial message is deferred.

    Thank you.
     
  6. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    Easiest way to eliminate backscatter is to set "Initial default/catch-all forwarder destination" in Tweak Settings to Blackhole instead of Fail. Fail will generate a non-deliverability report (NDR), which is basically what most backscatter is. Blackhole just routes them to /dev/null and no NDR is generated.

    Technically, I believe Fail is what the RFC (Request For Comments) calls for, but the exim RFC did not take spam into account.
     
  7. shpanda

    shpanda Registered

    I think this is the best solution - thanks.
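
Added example, not part of the thread and not cPanel's own code: one way to check whether the server is still producing backscatter after a change such as the Fail/Blackhole setting discussed above. It scans Exim main-log text for locally generated bounces (null sender, R= reference to the failed message, P=local) addressed to domains the server does not host. The log lines and domain names are constructed, and it assumes recipients are logged ("for ..."), i.e. log_selector includes +received_recipients.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log format (not taken from the thread).
# Assumption: log_selector includes +received_recipients, so "for <rcpt>" is logged.
SAMPLE_LOG = """\
2015-12-08 10:15:01 1a6Kxx-0003AZ-2B <= forged@example.net H=(spam.invalid) [203.0.113.9] P=esmtp S=2210 for nosuchuser@hosted.example
2015-12-08 10:15:02 1a6Kxy-0003Ab-7Q <= <> R=1a6Kxx-0003AZ-2B U=mailnull P=local S=3301 T="Mail delivery failed: returning message to sender" for forged@example.net
2015-12-08 10:20:40 1a6Kzz-0003Bc-9D <= <> R=1a6Kzy-0003Ba-1F U=mailnull P=local S=2954 T="Mail delivery failed: returning message to sender" for alice@hosted.example
2015-12-08 10:31:12 1a6L0b-0003Cd-Kp <= <> H=mx.example.org [198.51.100.7] P=esmtp S=4102 for bob@hosted.example
"""

# A bounce generated on this host: null sender, R=<id of the failed message>, P=local.
BOUNCE_RE = re.compile(r"^(\S+ \S+) (\S+) <= <> R=(\S+) .*\bP=local\b")
# The logged subject may itself contain " for ", so drop it before parsing.
SUBJECT_RE = re.compile(r' T="(?:[^"\\]|\\.)*"')

def find_backscatter(log_text, local_domains):
    """Return (timestamp, bounce_id, original_id, recipient) for each locally
    generated bounce addressed to a domain outside local_domains."""
    local = {d.lower() for d in local_domains}
    hits = []
    for line in log_text.splitlines():
        m = BOUNCE_RE.match(line)
        if not m:
            continue  # not a locally generated bounce
        rest = SUBJECT_RE.sub("", line)
        _, sep, rcpts = rest.rpartition(" for ")
        if not sep:
            continue  # recipients were not logged on this line
        for rcpt in rcpts.split():
            domain = rcpt.rpartition("@")[2].lower()
            if domain not in local:
                hits.append((m.group(1), m.group(2), m.group(3), rcpt))
    return hits

def summarize(hits):
    """Count external bounce recipients per domain."""
    return Counter(h[3].rpartition("@")[2].lower() for h in hits)

if __name__ == "__main__":
    for hit in find_backscatter(SAMPLE_LOG, {"hosted.example"}):
        print(*hit)
```

On a cPanel server the inputs would typically be the contents of /var/log/exim_mainlog and the domains listed in /etc/localdomains. The original-message ID in each hit can be looked up in the same log to see which inbound message triggered the bounce.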
     