Comments on: Turning off DSN on sendmail to prevent backscatter

By: Vladas

Vladas — Mon, 24 Oct 2022 17:56:20 +0000

Me too: included `noreceipts’ as an additional option to define(`confPRIVACY_FLAGS’), then ‘make’, ‘restart’ — no effect, Sendmail still responses by 250-DSN to my EHLO. Is that privacy option still valid in an actual Sendmail version 8.17?

How do you feel about another way of avoiding a backscatter from Sendmail, published on https://know.mailsbestfriend.com/how_to_avoid_backscatter_in_sendmail–799384399.shtml

I am even more concerned about why Sendmail responses ‘Recipient ok’ to RCPT TO: absent@adress? Why does not Sendmail immediately reject an incoming email to an invalid address by defaul?

By: eli

eli — Wed, 23 Feb 2022 15:54:49 +0000

To me this looks like some trivial issue: Wrong configuration file, the setting overridden somewhere else, or something like that.

By: Alan Clifford

Alan Clifford — Wed, 23 Feb 2022 15:11:01 +0000

I’ve implememented “noreceipts” in my mailservers. Interesting that I could request a receipt with the sendmail command line option “-N” rather than in the email header.

By: eli

eli — Mon, 21 Feb 2022 15:58:28 +0000

I just tried contacting your mail server with the script on this page:

https://billauer.se/blog/2013/01/perl-sendmail-exim-postfix-test/

And guess what, the 250 DSN line was present in its response. The reason your server sends receipts is well, because you didn’t disable that option.

By: Alan Clifford

Alan Clifford — Mon, 21 Feb 2022 15:05:26 +0000

I have progressed. I put “-N success” in a command line sendmail on my macbook and my server at home generated a return receipt. There is nothing in the header of the email I sent requesting it.

So I’ll try switching off dsn on my server and try again. (I have to proceed carefully because I’m a few thousand kilometres from home at the moment!)

By: Anonymous

Anonymous — Mon, 21 Feb 2022 14:41:29 +0000

Relevant bit of the mail log: http://clifford.ac/photo/temp/maillog.txt

A grep of the mail log returns only one return receipt but there have been a few in the previous log.

http://clifford.ac/photo/temp/returnreceiptgrep.txt
http://clifford.ac/photo/temp/returnreceiptgrep_1.txt

I’ll have a look at the originals emails of those others.

I’ve set up alpine with a gmail account so I can put in headers. I’ll do some testing of my server but I won’t be able to replicate the false envelope “from ” that the spam had (if that was important).

By: eli

eli — Mon, 21 Feb 2022 13:52:49 +0000

Neither I could find anything to provoke a return receipt in that spam mail. Maybe sendmail chopped off the relevant header…?

Or even worse, maybe sendmail sends a return receipt to all arriving mails because of some weird configuration?

Most interesting: What does the mail log say about this mail exchange? Sending the return receipt should be logged there, possibly with an explanation on why.

And that should also answer the question if all mails get a receipt.

By: Alan Clifford

Alan Clifford — Mon, 21 Feb 2022 13:41:50 +0000

I’m not understanding something about this. A spam caused my server to send a return receipt. This was unsuccessful so my server sent me a notify: http://clifford.ac/photo/temp/return-receipt_unroutable.txt

I cannot find anything in the headers of the original spam that shows a request for a return receipt: http://clifford.ac/photo/temp/original_spam.txt

By: eli

eli — Sat, 19 Feb 2022 13:27:33 +0000

“Very valuable” is in the eyes of the beholder, I guess.

The question is: Is it still possible to provoke sendmail into sending an email after adding the noreceipts option?

By: Alan Clifford

Alan Clifford — Sat, 19 Feb 2022 13:12:05 +0000

I found this:

Note that this also causes the ESMTP DSN feature to not be advertised in the EHLO response. But, because that feature is very valuable, we recommend you not specify noreceipts.

on etutorial.org about “noreceipts” but there is no explanation of “very valuable”