Prev: postfix as forwarder and backscatterer problem
Next: Postfix e-mail redirections to external e-mail addresses
From: Vasya Pupkin on 22 Jul 2010 10:37
It is already as restrictive as possible and acceptable for me. I do
not want to loose any non-spam mail as well, so I am not going insane
adding network block based rbl domains, but I am using most reliable
rbl domains, including zen.spamhaus.org, bl.spamcop.net,
cbl.abuseat.org, b.barracudacentral.org, and some more, and some
Postfix internal check including reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unknown_sender_domain, and some
On Thu, Jul 22, 2010 at 6:28 PM, Mikael Bak <mikael(a)t-online.hu> wrote:
> Vasya Pupkin wrote:
>> First, I have spent two days reading articles and searching web for
>> solution but failed there. I am using postfix as an mx for my domains,
>> it accpets mail for different addresses withing my domains which is
>> then forwarded to other external domains, i.e. google.com and other
>> mail services. Mail for unknown users is rejected, many other check
>> are performed, but still sometimes my system acts as a backscatterer
>> when something like this happens:
>> 1. Incoming mail passes all tests, it's coming to one of the addresses
>> within my domain, i.e. existing-user(a)mydomain.tld
>> 2. Postfix then forwards mail to external domain, i.e. myemail(a)mailservice.tld
>> 3. For some reason mailservice.tld rejects this mail, i.e. it doesn't
>> like it's content or size.
>> 4. Postfix then bounces mail to sender, which can be forged, and thus,
>> becoming a backscatterer.
>> Is there any way to prevent postfix from sending bounces anywhere?
> Hi Vasya,
> To be sure to not acting as a backscatter you will have to configure the
> front mx to be as restrictive regarding content and mail sizes as the
> final destination is. Otherwise you will see problems like the theese.