
Spam and FCrDNS

Open dalz opened this issue 3 years ago • 2 comments

Hi, I've recently moved to purelymail from a self-hosted setup, keeping the same domain, and I've started to receive "undelivered mail returned to sender" spam. I think someone is spamming with my domain in the From field and some incorrectly set up servers are sending the delivery failure notification to me.

I guess I didn't notice when self-hosting because I configured opensmtpd to block connections from servers that failed an FCrDNS check, but apparently purelymail doesn't. Would it be possible to add this check? On failure the mail could be blocked, sent to Junk or marked with a special header (so it could be handled by a filter).

Some of the spammy senders:

  • Received: from 160.155.190.11 (EHLO mail.interieur.gouv.ci) ([160.155.190.11])
  • Received: from 183.83.50.2 (EHLO adserver.exhilaris.in) ([183.83.50.2])
  • Received: from outlook.escom.mw (EHLO BT-EXCHANGE-09.escom.mw) ([41.77.11.134]) <-- this has an actually valid FCrDNS I think

Thanks.

dalz, Jul 27 '22 12:07
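The FCrDNS check requested in the post above, as an added example that is not part of the original thread and is not purelymail or opensmtpd code: it pulls the connecting IP out of a `Received:` line in the format quoted above, confirms that one of its PTR names resolves back to the same address, and produces a tag header a filter could match. The `X-FCrDNS` header name and the `ptr`/`forward` resolver hooks are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Only the bracketed connecting IP is checked; the EHLO name is client-supplied.
RECEIVED_IP = re.compile(r"\(\[([0-9A-Fa-f:.]+)\]\)")

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return (passed, name): passes when some PTR name resolves back to ip."""
    target = ipaddress.ip_address(ip)
    for name in ptr(ip):
        for addr in forward(name):
            try:
                if ipaddress.ip_address(addr) == target:
                    return True, name.rstrip(".").lower()
            except ValueError:
                continue  # resolver returned something that is not an address
    return False, None

def tag_received(line, ptr=system_ptr, forward=system_forward):
    """Build the hypothetical X-FCrDNS header for one Received line."""
    match = RECEIVED_IP.search(line)
    if not match:
        return "X-FCrDNS: none (no client IP found)"
    ip = match.group(1)
    try:
        passed, name = fcrdns(ip, ptr, forward)
    except ValueError:
        return "X-FCrDNS: none (unparsable client IP)"
    if passed:
        return f"X-FCrDNS: pass ({ip} <-> {name})"
    return f"X-FCrDNS: fail ({ip})"
```

Called with the defaults, the functions query the system resolver; passing your own `ptr` and `forward` callables lets the logic be exercised against fixed data.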

SpamAssassin might actually have a reverse DNS check in its suite already; I think your problem is that backscatter is legitimate email sent by naive mailservers, not that those naive mailservers sometimes lack reverse DNS. Usually backscatter is prevented by not sending DSNs for the mail if it fails SPF/DKIM/DMARC authentication. Make sure to have those set up.

If that doesn't solve the problem, I'd recommend just setting up filters to reject the DSNs from these bad hosts.

ScottPeterJohnson, Jul 28 '22 07:07

I have SPF, DKIM and DMARC configured as instructed in https://purelymail.com/manage/domains. My reasoning is that a badly configured mail server that doesn't check those records is unlikely to have proper rDNS. But sure, a manual blacklist will do the job too. Thanks for the reply!

dalz, Jul 28 '22 07:07