postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: RE: Fighting Backscatter

RE: Fighting Backscatter

From: Steve Jenkins <steve_at_nospam>
Date: Wed Oct 20 2010 - 00:52:44 GMT
To: "Postfix users" <postfix-users@postfix.org>

I will gladly solve the RIGHT problem. The fact that I'm here looking for
guidance should demonstrate that I'm looking to do exactly that.
Unfortunately, I can't simply put "DO NOT forward SPAM" in my main.cf and
have it work. ;) After reading through all the docs and various blog and
forum posts, and making my best efforts at incorporating what I've learned
into my configuration, it seems I'm still causing backscatter. That's
exactly why I'm posting on Postfix-users - because I need a little more
guidance than just "RTFM." :) So if anyone can help me with some SPECIFIC
steps to take, I'd be very appreciative.

I posted it initially, but here again is my postconf -n output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
mail.$mydomain, www.$mydomain
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:20209
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_milters = inet:localhost:20209
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_destination, reject_unknown_recipient_domain,
reject_unknown_sender_domain, reject_non_fqdn_recipient,
reject_non_fqdn_sender, reject_invalid_hostname, permit_mynetworks, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = familyname.com
virtual_alias_maps = hash:/etc/postfix/virtual

I've been experimenting with various smtp recipient and sender restrictions,
but clearly haven't got the right mix yet. Any specific guidance there, or
anywhere else, is much appreciated.

Thanks,

SteveJ

-----Original Message-----
From: Wietse Venema [mailto:wietse@porcupine.org]
Sent: Tuesday, October 19, 2010 5:16 AM
To: Steve Jenkins
Cc: Postfix users
Subject: Re: Fighting Backscatter

Steve Jenkins:
> Gotit. Thanks again for helping me out. I'm still learning.
>
> So it seems I need to figure out how to stop the backscatter process at
step
> 6 and NOT return the bounce to the original sender.

No. Solve the RIGHT problem. DO NOT forward SPAM.

        Wietse