Note: This question is a duplicate of "Avoid creating backscatter on a Postfix forwarding server", for which the only answer was "sorry, nothing you can do", but I provide more detail here, consider more options, and would also like to know if newer standards / protocols have improved the situation in the past 5 years. Feel free to close if that is not a good enough reason to repost.
I am running a mail server that handles some forwarding and is getting occasionally blacklisted. From the logs, the scenario responsible for this appears to be as follows:
- Spammer sends email from spoofed address to forwarded address handled by the mail server.
- SpamAssassin on mail server fails to detect incoming message as spam.
- Mail server accepts message for processing and queues it to be forwarded.
- Mail server attempts to forward message to destination address on external server.
- Receiving mail server correctly identifies incoming message as spam and immediately rejects it. Note: This is not the step that gets the mail server blacklisted.
- Mail server queues rejected message for NDR to the spoofed sending address.
- Mail server attempts to send the NDR to the spoofed sending address. This is the step that gets the mail server blacklisted.
This scenario only occurs when spam detection on the mail server is inferior to the external receiving server, so it happens very infrequently, but a single misdirected bounceback can blacklist the server on some systems for over a month, so it is still very annoying.
Options I have considered:
- Don't forward: Customers won't accept this option.
- Upgrade spam detection: Spam detection on my little server will never match that of giants such as Gmail, so there will always be occasional differences.
- Don't send bouncebacks: The RBLs that occasionally list the server recommend no NDRs to external addresses. I really don't like this option as legitimate (non-spam) bouncebacks are a very important service to senders, recipients, and administrators trying to debug undelivered mail.
- A milter solution: I looked into a milter solution where the mail server might attempt to forward the message to the external server before accepting the message for delivery. This solution would be ideal, but alas, I have not found a working implementation of this, and saw several indications that it is not practical to do.
- Detect rejection type: If the receiving mail servers used a standard coding system to indicate mail rejected as spam, then it would be possible to avoid sending NDRs in those cases. This may be practical to implement for some of the large mail services such as Gmail, and would probably eliminate most of the (already rare) events, though I find that even a single server may use several different codes to indicate spam.
The mail server is Postfix. Would love to hear any additional suggestions I haven't considered re how other administrators handle this.
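An added example, not part of the original post: one way to prototype the "Detect rejection type" option is to classify bounces from the Postfix smtp client's log lines by enhanced status code, SMTP stage, and reply keywords, which covers servers that use several different codes. The log lines are constructed samples; the keyword list, verdict names, and the rule that a 5.7.x code after DATA counts as a policy rejection are assumptions.

```python
import re

# Constructed sample lines in the format Postfix's smtp(8) client logs.
SAMPLE_LOG = """\
Jan 10 10:00:01 mx postfix/smtp[2101]: 4A1B2C3D4E: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.10] said: 550 5.7.1 Message rejected as likely unsolicited mail (in reply to end of DATA command))
Jan 10 10:02:13 mx postfix/smtp[2102]: 5B2C3D4E5F: to=<b@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.8, delays=0.1/0/0.4/0.3, dsn=5.1.1, status=bounced (host mx.example.net[192.0.2.10] said: 550 5.1.1 No such user (in reply to RCPT TO command))
Jan 10 10:05:40 mx postfix/smtp[2103]: 6C3D4E5F60: to=<c@example.com>, relay=mail.example.com[198.51.100.7]:25, delay=2.0, delays=0.1/0/0.9/1.0, dsn=5.0.0, status=bounced (host mail.example.com[198.51.100.7] said: 554 Spam score too high (in reply to end of DATA command))
Jan 10 10:07:02 mx postfix/smtp[2104]: 7D4E5F6071: to=<d@example.com>, relay=mail.example.com[198.51.100.7]:25, delay=1.1, delays=0.1/0/0.5/0.5, dsn=5.2.2, status=bounced (host mail.example.com[198.51.100.7] said: 552 5.2.2 Mailbox full (in reply to end of DATA command))
Jan 10 10:09:30 mx postfix/smtp[2105]: 8E5F607182: to=<e@example.org>, relay=mx.example.org[203.0.113.5]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK queued)
"""

BOUNCE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>.*?"
    r"dsn=(?P<dsn>\d\.\d+\.\d+), status=bounced \((?P<reply>.*)\)$")
STAGE_RE = re.compile(r"\(in reply to (?P<stage>.+?) command\)$")
# Assumed keyword list for servers that reject spam without a 5.7.x code.
SPAM_WORDS = re.compile(r"\b(spam|unsolicited|junk|bulk)\b", re.I)


def classify(line):
    """Return a dict for a bounced delivery, or None for any other log line."""
    m = BOUNCE_RE.search(line)
    if not m:
        return None
    reply = m["reply"]
    stage_m = STAGE_RE.search(reply)
    stage = stage_m["stage"] if stage_m else "unknown"
    # Match keywords only in the remote server's text, not in its hostname.
    text = reply.split(" said: ", 1)[-1]
    spam_text = bool(SPAM_WORDS.search(text))
    # 5.7.x is the RFC 3463 security/policy class; once DATA has been sent the
    # remote side has seen the content, so treat that as a policy rejection.
    content_policy = m["dsn"].startswith("5.7.") and stage == "end of DATA"
    verdict = "policy-reject" if spam_text or content_policy else "ordinary-bounce"
    return {"qid": m["qid"], "rcpt": m["rcpt"], "dsn": m["dsn"],
            "stage": stage, "verdict": verdict}


def classify_log(text):
    """Classify every bounced delivery found in a block of log text."""
    return [r for r in map(classify, text.splitlines()) if r]


if __name__ == "__main__":
    for r in classify_log(SAMPLE_LOG):
        print(r["qid"], r["dsn"], r["stage"], "->", r["verdict"])
```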