
Identify cause of Backscatterer-Listing

Hello!

I'm getting listed on backscatterer.org every few days (!) but I can't find any cause for this. The only mailserver running behind the XG shows absolutely no activity around the time (+/- 10 min) that backscatterer.org tells me. I've already blocked outgoing SMTP traffic for every other host and even created a single rule just for outgoing SMTP traffic in order to study the XG log afterwards ... but still, no evidence of any abusive usage.

I suspect that the XG's SMTP-Proxy (I'm not running MTA mode) is somehow sending bounces (that don't even reach my actual mailserver) to forged addresses or something like that. But I haven't configured any rule which may return undeliverable mail to the sender.

Is there anything I can do to test this or any other logs where I could "spot" these bounces?

I guess backscatterer.org won't tell me any more details.

Thanks for any help!



This thread was automatically locked due to age.
  • Hi  

    If the "Reject" action is selected in the SMTP rule, the sender will be notified and there won’t be a bounce-back mail.

  • Keyur said:
    If the "Reject" action is selected in the SMTP rule, the sender will be notified and there won’t be a bounce-back mail.

    Are you really sure about that?

    After changing it to "Drop" instead of "Reject", my backscattering entries didn't rise anymore (for several days now).

  • Hi  

    Good to know that entries didn't rise up.

    The Drop action will drop the mail without notifying the user, and there is no further notification. The logs will be available in the log viewer.

    But if you face any further issue, I would recommend contacting technical support to investigate the issue further by opening a support case.

  • Keyur said:

    The Drop action will drop the mail without notifying the user, and there is no further notification. The logs will be available in the log viewer.

    Well, that's the point. The "user" is meant to be the recipient, isn't it? But there's no documentation about the "sender".

    Unfortunately, the log only states that a particular mail is "rejected" or "dropped", but not whether the XG simply closed the connection ("drop") or informed the sender about delivery problems ("reject"). The latter may have caused backscattering.

    I guess it's fixed now but maybe Sophos should consider documenting this more deeply to avoid customers becoming blacklisted.

    Thanks for your help.

  • Hi  

    Thank you for your feedback, I will forward it to the concerned team.
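
One way to look for the bounces asked about in the opening post, as an added example that is not part of the thread and not Sophos code: delivery status notifications are sent with an empty envelope sender (`MAIL FROM:<>`), so outbound SMTP transactions with a null sender and a non-local recipient are the backscatter candidates. The log format, the addresses and the helper names below are constructed for illustration; this is not the XG's log format.

```python
import re
from collections import defaultdict

# Constructed sample: client-side SMTP commands seen leaving the WAN interface,
# one per line as "<time> <session-id> <command>". Not a Sophos XG log format.
SAMPLE = """\
10:00:01 s1 MAIL FROM:<alice@example.org>
10:00:01 s1 RCPT TO:<bob@partner.test>
10:02:14 s2 MAIL FROM:<>
10:02:14 s2 RCPT TO:<victim@forged.test>
10:02:40 s3 MAIL FROM:<> SIZE=2048
10:02:40 s3 RCPT TO:<other@forged.test>
10:05:09 s4 MAIL FROM:<>
10:05:09 s4 RCPT TO:<postmaster@example.org>
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(MAIL FROM|RCPT TO):<([^>]*)>", re.I)

def find_outbound_bounces(log_text, local_domains):
    """Return [(time, session, recipient)] for null-sender mail to non-local domains."""
    null_sender = {}  # session id -> time of the MAIL FROM:<> that opened the transaction
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        time, sess, verb, addr = m.groups()
        if verb.upper() == "MAIL FROM":
            # A new transaction starts: track it only if the envelope sender is empty.
            if addr == "":
                null_sender[sess] = time
            else:
                null_sender.pop(sess, None)
        elif sess in null_sender:
            domain = addr.rpartition("@")[2].lower()
            if domain not in local_domains:  # bounce leaving for a foreign domain
                hits.append((null_sender[sess], sess, addr))
    return hits

def per_domain(hits):
    """Count candidate bounces per recipient domain."""
    counts = defaultdict(int)
    for _, _, rcpt in hits:
        counts[rcpt.rpartition("@")[2].lower()] += 1
    return dict(counts)

if __name__ == "__main__":
    for hit in find_outbound_bounces(SAMPLE, {"example.org"}):
        print(hit)
```

Timestamps of the hits can then be compared with the listing times reported by backscatterer.org.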