postfix as forwarder and backscatterer problem
in [Postfix]
|
Prev: postfix as forwarder and backscatterer problem
Next: Postfix e-mail redirections to external e-mail addresses
From: Vasya Pupkin on 22 Jul 2010 10:37 It is already as restrictive as possible and acceptable for me. I do not want to loose any non-spam mail as well, so I am not going insane adding network block based rbl domains, but I am using most reliable rbl domains, including zen.spamhaus.org, bl.spamcop.net, cbl.abuseat.org, b.barracudacentral.org, and some more, and some Postfix internal check including reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, and some more. On Thu, Jul 22, 2010 at 6:28 PM, Mikael Bak <mikael(a)t-online.hu> wrote: > Vasya Pupkin wrote: >> Hello. >> >> First, I have spent two days reading articles and searching web for >> solution but failed there. I am using postfix as an mx for my domains, >> it accpets mail for different addresses withing my domains which is >> then forwarded to other external domains, i.e. google.com and other >> mail services. Mail for unknown users is rejected, many other check >> are performed, but still sometimes my system acts as a backscatterer >> when something like this happens: >> >> 1. Incoming mail passes all tests, it's coming to one of the addresses >> within my domain, i.e. existing-user(a)mydomain.tld >> 2. Postfix then forwards mail to external domain, i.e. myemail(a)mailservice.tld >> 3. For some reason mailservice.tld rejects this mail, i.e. it doesn't >> like it's content or size. >> 4. Postfix then bounces mail to sender, which can be forged, and thus, >> becoming a backscatterer. >> >> Is there any way to prevent postfix from sending bounces anywhere? > > Hi Vasya, > > To be sure to not acting as a backscatter you will have to configure the > front mx to be as restrictive regarding content and mail sizes as the > final destination is. Otherwise you will see problems like the theese. > > HTH, > Mikael > > |