[Mailman-Developers] before next release: disable backscatter in default installation

[Mark Sapiro]

Ian Eiloart wrote:
>
>Their advice is plain: "Reject, Don't Bounce
>The standards provide for a mail server to 'reject' a message by refusing 
>its transfer, rather than accepting it and risking future problems."


Although this thread long ago went somewhat off topic for Mailman, I
think it's valuable, and there's been a lot of good information here,
but I still have a question that I would like information on.

I 'get it' that non-acceptance at SMTP time is good and accepting and
bouncing is bad. This was not news to me, I've known it for some time,
but here's my situation. I run a server that supports a few domains.
By far, the bulk of the mail is Mailman and other mail associated with
my cycling club. There are several generic forwarding addresses such
as 'president', 'vicepresident', 'board', 'membership', etc. in the
club's domain. These are aliased to the appropriate current
recipients. Of course, all these recipient addresses are valid and
deliverable.

Any mail I receive for an unknown recipient is rejected at SMTP time,
the rest is greylisted and a lot of that never returns. That which
passes greylisting is run through MailScanner/ClamAV/SpamAssassin, and
sometimes discarded or quarrantined, but nothing is ever returned to
the sender. So far, so good.

Here's the problem. I receive a message for board at example.net which is
aliased to a few other addresses including user at example.com. The MTA
(Postfix in my case) accepts the message to board and resends it to
the aliased recipients. example.com has a very agressive content
filter which rejects messages after receiving the DATA. so Postfix's
delivery to user at example.com is sometimes not accepted by example.com
so Postfix returns a DSN. Sometimes the sender was legitimate,
sometimes (probably more often) not.

So what do I do practically in this case. Calling out to verify the
recipient won't help because the recipient is valid. I can arrange for
the DSN to pass through MailScanner on the way out and possibly create
rules to conditionally drop it, but what should the rules be, and is
it really a problem at all? Note for example, that yesterday I did not
accept 29985 messages for unknown users and greylisted 5684 more and
sent no DSNs. This is somewhat typical except I probably average 2 or
3 DSNs per day. Should I be worried?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan