|Main Archive Page > Month Archives > postfix-users archives|
On 10/20/2010 02:52 AM, Steve Jenkins wrote:
> I will gladly solve the RIGHT problem. The fact that I'm here looking for
> guidance should demonstrate that I'm looking to do exactly that.
> Unfortunately, I can't simply put "DO NOT forward SPAM" in my main.cf and
> have it work. ;) After reading through all the docs and various blog and
> forum posts, and making my best efforts at incorporating what I've learned
> into my configuration, it seems I'm still causing backscatter.
Don't accept mail you cannot deliver. Really, that's Numero Uno.
Proper sender and recipient verification - insofar as is feasible for
your site - goes a long way to prevent that from happening.
> That's exactly why I'm posting on Postfix-users - because I need a little more
> guidance than just "RTFM." :) So if anyone can help me with some SPECIFIC
> steps to take, I'd be very appreciative.
> I posted it initially, but here again is my postconf -n output:
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> reject_unauth_destination, reject_unknown_recipient_domain,
> reject_unknown_sender_domain, reject_non_fqdn_recipient,
> reject_non_fqdn_sender, reject_invalid_hostname, permit_mynetworks, permit
You're missing some of the better spam prevention methods here, such as
decent HELO checks, and an RBL or two.
I'd suggest at least adding reject_unknown_reverse_client_hostname in
there, as well as (testing out)
My personal server uses:
helo_access contains permutations of my own IP and hostname(s), which I
My zen RBL check is moved to postscreen, since I run a pre-2.8 build.
> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,
Instead of specifying each restriction set by itself, put them all
together under recipient_restrictions so you can follow along what happens.
It will also log more information.
> virtual_alias_domains = familyname.com
> virtual_alias_maps = hash:/etc/postfix/virtual
It would be mildly interesting to see what is in those files, since a
virtual_alias_domain is potentially a wildcard recipient domain.
> -----Original Message-----
> From: Wietse Venema [mailto:email@example.com]
> Sent: Tuesday, October 19, 2010 5:16 AM
> To: Steve Jenkins
> Cc: Postfix users
> Subject: Re: Fighting Backscatter
> Steve Jenkins:
Oh, and please don't top-post.