Why forwarders to external mailservers can be dangerous for your server



Last Modified: Sep 18, 2015, 3:37 pm
It's not uncommon for clients to want to forward mail from their own domain to an external email address, say Gmail, for example.

The path of an email sent to the user@domain.com forwarder would be:

Sender -> DA box: user@domain.com -> External: user@gmail.com

This will work fine, until spam comes into the picture.

The issue with spam is that, if the proper blocks are not in place, your DA box will happily relay spam to Gmail. This could then cause Gmail to think the spam is originating from your DA box, thus getting your IP blacklisted, even though the spam came from somewhere else.

Another issue is that, if Gmail then thinks the message is spam, it may be denied at the Gmail server, which returns it to your DA box to figure out what to do with. Since the sender is not on the DA box, and the final recipient is Gmail (which denied it), exim tries to send to the original "sender", which in spam is almost always fake/spoofed (these headers can be spoofed). This causes "backscatter", where exim is trying to return a message to an address that was not the actual sender. This backscatter is another potential cause of getting your IP blacklisted.
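
Both problems described above leave a recognisable trail in exim's main log. The following is an added example, not part of the original helpfile or DirectAdmin's own code, that counts forwards rejected by the external server and bounces exim then sent off-box. The log lines are constructed, and the default exim log format, a remote transport named remote_smtp, and the helper names are assumptions.

```python
import re
from collections import Counter

# Constructed sample of exim mainlog lines (default log format assumed).
SAMPLE_LOG = """\
2015-09-18 15:30:01 1ZcA01-0001aB-2C <= spoofed@example.net H=(mail) [203.0.113.9] P=esmtp S=2311
2015-09-18 15:30:02 1ZcA01-0001aB-2C ** user@gmail.com <user@domain.com> R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.7]: SMTP error from remote mail server after end of data: 550 rejected as spam
2015-09-18 15:30:02 1ZcA02-0001aC-3D <= <> R=1ZcA01-0001aB-2C U=mail P=local S=3400
2015-09-18 15:30:05 1ZcA02-0001aC-3D => spoofed@example.net R=lookuphost T=remote_smtp H=mx.example.net [203.0.113.25]
2015-09-18 15:31:00 1ZcA03-0001aD-4E <= friend@example.com H=(mx) [192.0.2.4] P=esmtp S=900
2015-09-18 15:31:01 1ZcA03-0001aD-4E => user@gmail.com <user@domain.com> R=lookuphost T=remote_smtp H=mx.example.org [198.51.100.7]
"""

LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->|\*\*|==) (?P<rest>.*)$")
FORWARD = re.compile(r"^(?P<final>\S+@\S+) <(?P<orig>[^>]+)>")  # "final <original>"

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def analyse(log_text, local_domains):
    """Return (rejected forwards per local address, bounces delivered off-box)."""
    bounce_ids = set()             # messages exim generated with the null sender <>
    rejected_forwards = Counter()  # local forwarder -> rejections by external server
    backscatter = []               # (bounce message id, remote address it went to)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msgid, flag, rest = m.group("id", "flag", "rest")
        if flag == "<=" and rest.startswith("<> "):
            bounce_ids.add(msgid)  # arrival of a locally generated bounce
        elif flag == "**":         # permanent delivery failure
            f = FORWARD.match(rest)
            if (f and domain(f["orig"]) in local_domains
                    and domain(f["final"]) not in local_domains):
                rejected_forwards[f["orig"]] += 1
        elif flag in ("=>", "->") and msgid in bounce_ids and "T=remote_smtp" in rest:
            backscatter.append((msgid, rest.split()[0]))  # bounce left the server
    return rejected_forwards, backscatter

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG, {"domain.com"}))
```

A forwarder that appears in the first result is relaying mail the external provider rejects; any entry in the second is a bounce that left the server.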

Solutions:

1) Avoid forwarders to external domains whenever possible (usually hard to convince users of this).

2) For Gmail, as an example, have Gmail pull your emails via POP, rather than you pushing them via forwarders.
See this guide for more info.

3) Ensure SpamAssassin is enabled, and set it to drop spam or send to spambox (do not use "deliver to inbox"). At a minimum, use "drop high scoring spam".
Ensure you add the aliases file to the checks (2nd code box): http://help.directadmin.com/item.php?id=156

4) Block bounces from leaving: http://help.directadmin.com/item.php?id=357

5) RBL blocking is a robust way of blocking spam before exim even sees the message (realtime IP-based block). Some consider RBL blocking to sometimes be too strict, in that it may often block entire ISP ranges (to get around this, send on port 587 with smtp-auth, instead of port 25).
 
Related Helpfiles
How to enable realtime blocklists (RBLs) with exim
Change SpamAssassin to only scan local mailboxes
How to prevent bounce emails from leaving your server
SPAM fighting tools in DirectAdmin

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST