From owner-freebsd-questions@freebsd.org Thu Jan 5 08:58:42 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 60632CA0529 for ; Thu, 5 Jan 2017 08:58:42 +0000 (UTC) (envelope-from idefix@fechner.net) Received: from anny.lostinspace.de (anny.lostinspace.de [IPv6:2001:608:a02::33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EBBA41788 for ; Thu, 5 Jan 2017 08:58:41 +0000 (UTC) (envelope-from idefix@fechner.net) Received: from server.idefix.lan (unknown [IPv6:2001:a61:12cb:c401:dacb:8aff:febf:62dd]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: idefix@fechner.net) by anny.lostinspace.de (Postfix) with ESMTPSA id 5A38967B76 for ; Thu, 5 Jan 2017 09:58:38 +0100 (CET) DMARC-Filter: OpenDMARC Filter v1.3.1 anny.lostinspace.de 5A38967B76 Authentication-Results: anny.lostinspace.de; dmarc=none header.from=fechner.net DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=fechner.net; s=default; t=1483606718; bh=eaDNSk0VA3I99O0TVFLRf4GEjTEipFOrmboXrKq/7dM=; h=Subject:To:References:From:Date:In-Reply-To; b=NVfVOK/2lgiSFWUksC5V78aBglidg5awYXlYYWIB23prgCqpKA9rhVUA6fGGfOIuY TpQVbAMA8udIdSBIkT+RL5m1VRasDZpfcI9aYErjWbOBN83EOC+9xo6BgMt7gNOQt+ HXU5jBp2o18582fsqdOPGKsDND2YtZMh/cmwLtlQ= Received: from [192.168.0.151] (aftr-88-217-180-103.dynamic.mnet-online.de [88.217.180.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by server.idefix.lan (Postfix) with ESMTPSA id D44608D28DE for ; Thu, 5 Jan 2017 09:58:36 +0100 (CET) Subject: Re: Filtering Email To: freebsd-questions@freebsd.org References: <2E557AFF-35A1-4D08-8FA9-10C65BF4ABDE@lafn.org> <9bd488a3-ca45-a546-3706-3b032386f954@FreeBSD.org> From: Matthias Fechner Message-ID: <99370884-b547-c3c7-7b2b-711cedcedf27@fechner.net> Date: Thu, 5 Jan 2017 09:58:21 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: <9bd488a3-ca45-a546-3706-3b032386f954@FreeBSD.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="5iScaiH1mjA70tx1HGVDqjSB5jGxI9ipH" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jan 2017 08:58:42 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5iScaiH1mjA70tx1HGVDqjSB5jGxI9ipH Content-Type: multipart/mixed; boundary="k5B2OiaU3IHx3hgVcNXU8cUtRuobeIl9X"; protected-headers="v1" From: Matthias Fechner To: freebsd-questions@freebsd.org Message-ID: <99370884-b547-c3c7-7b2b-711cedcedf27@fechner.net> Subject: Re: Filtering Email References: <2E557AFF-35A1-4D08-8FA9-10C65BF4ABDE@lafn.org> <9bd488a3-ca45-a546-3706-3b032386f954@FreeBSD.org> In-Reply-To: <9bd488a3-ca45-a546-3706-3b032386f954@FreeBSD.org> --k5B2OiaU3IHx3hgVcNXU8cUtRuobeIl9X Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Am 05.01.2017 um 09:12 schrieb Matthew Seaman: > There's a potential problem with rejecting email from your local server= > -- backscatter. If your upstream MTA has accepted a message for > delivery and then your local MTA later decides to bounce it, there is n= o > choice other than to send the bounce to the sender address in the mail > headers, and spammers nowadays forge that address, so you end up > resending the spam to some (possibly innocent) third party. It's bette= r > to just /dev/null the messages in such circumstances. hm, this is really dangerous, you could kill by this action real email without notify the sender. I would recommend that the sender set a SPF record to control which server is allowed to use their domain. This would mitigate this problem and forge of email headers is not possible anymore. Gru=C3=9F Matthias --=20 "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook --k5B2OiaU3IHx3hgVcNXU8cUtRuobeIl9X-- --5iScaiH1mjA70tx1HGVDqjSB5jGxI9ipH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlhuCroACgkQkZS/qRt1bvba8wCfb4mBrxlOAxuCYxnn6xw4HCww f+0AmwXwGkkEqhy0FXBXXtspXszgyXgq =G3Fp -----END PGP SIGNATURE----- --5iScaiH1mjA70tx1HGVDqjSB5jGxI9ipH--