Backscatter agent - false positive RSS Back to forum
Never mind - after looking at them, I realised following the example, I was using a regex of using ".*@internal.local$", but the internal server name was actually in the outgoing emails meaning the real pattern I should be using is ".*@server.internal.local". I just cheated and set it to ".*internal.local$" (removing the @ sign) - which I believe will be reliable enough (real backscatter seems completely alien and this avoids issues if we have a different internal mail server).
@Shannon McCracken:
I'd recommend using
.*@.*\.internal\.local$
(please note that the dot characters should be "escaped" using backslash, otherwise the dot is interpreted as "any character", so it will match "minternalslocal" as well).
Testing out the backscatter agent, I've configured it to forward emails to myself rather than rejecting outright. It seems that we've got some false positives happening - as best as I can tell, the recieved bounce does have the correct Message-ID and otherwise looks like a legit bounce. (Other legit bounces are being let through).
Is there anywhere I can send this for futher review?