http://www.backscatterer.org is a scam that detects backscatter email configurations and then charges $100 to remove the listing in less than 4 weeks.

Backscatter is a problem where if a mail server does not reply "User Unknown", then it is possible to use this as part of an attack.

Checking 128.32.48.150 shows:

29.04.2014 20:42 CEST	listed	
29.05.2014 17:25 CEST	expired	
18.10.2016 19:26 CEST	listed

https://staff.ie.cuhk.edu.hk/~sfluk/wordpress/?p=1397 describes how to configure sendmail to avoid this problem.

For us, what we did is update /etc/mail/Makefile to add all the aliases to /etc/mail/access.db by reading various files in /etc/mail/ and then creating /etc/mail/access.db

We also disabled the expn functionality. This probably does not matter, but it seemed worth a try.

Before the fix, the following test showed that there was a possibility that email to unknown-user@moog.eecs.berkeley.edu was not being handled properly:

[root@moog mail]# /usr/lib/sendmail -bt -d21.4
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter  
> .D{client_addr}200.89.70.8
> .D{client_name}mx.uchile.cl
> check_rcpt <cxhxxxxx@moog.eecs.berkeley.edu>
check_rcpt         input: < cxhxxxxx @ moog . eecs . 
...
rewritten as: < cxhxxxxx @ moog . eecs . berkeley . edu > $| @ RELAY
rewritten as: RELAY
Basic_check_rcpt returns: RELAY
rewritten as: RELAY
check_rcpt       returns: RELAY
>

After the fix, the last part was:

check_rcpt       returns: $# error $@ 5 . 1 . 1 $: "550 User unknown"

Note that for this to work, the host must have a MX record to moog, not a CNAME.

Not:

;; ANSWER SECTION:
robotics.EECS.Berkeley.EDU. 86400 IN    CNAME   moog.EECS.Berkeley.EDU.

But instead:

;; ANSWER SECTION:
chess.EECS.Berkeley.EDU. 86400  IN      SPF     "v=spf1 ip4:128.32.48.150 ?all"
chess.EECS.Berkeley.EDU. 86400  IN      TXT     "v=spf1 ip4:128.32.48.150 ?all"
chess.EECS.Berkeley.EDU. 86400  IN      MX      5 moog.EECS.Berkeley.EDU.
chess.EECS.Berkeley.EDU. 86400  IN      A       128.32.48.150