postfix-users October 2010 archive

Re: Fighting Backscatter

From: Jeroen Geilman <jeroen_at_nospam>
Date: Wed Oct 20 2010 - 01:50:17 GMT
To: postfix-users@postfix.org

On 10/20/2010 03:38 AM, Steve Jenkins wrote:
>
> THANK YOU Jeroen. :) I really appreciate you taking the time to help me
> with some specific steps I can try.
>

Well, let's say I can provide you with some pointers.
That doesn't absolve you of the responsibility to study the
documentation thoroughly.

> non_smtpd_milters = inet:localhost:20209
>
> smtpd_milters = inet:localhost:20209

What are all these milters doing ?
Do you *know* ?
How can you use the same service for both smtp and non-smtp milters ?
Presumably, they don't take the same input format.

> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> reject_unknown_reverse_client_hostname, warn_if_reject
> reject_non_fqdn_helo_hostname, warn_if_reject
> reject_invalid_helo_hostname, warn_if_reject
> reject_unknown_helo_hostname, reject_unauth_pipelining,
> reject_non_fqdn_sender, reject_unknown_sender_domain,
> reject_non_fqdn_recipient,
> reject_unknown_recipient_domain,
> reject_invalid_hostname, permit
>

Still missing a good RBL check; check out zen (www.spamhaus.org/zen)

> virtual_alias_domains = familyname.com
>
> virtual_alias_maps = hash:/etc/postfix/virtual
>
> The /etc/postfix/virtual is set up as follows. Every line in there is
> either a local POP account or the destination forwarding address. I
> don't use any catch-alls, and prefer that my server reject unknown
> local recipients (or in this case, I should probably say "local").
>

No, since these are virtual aliases, postfix will reject any *virtual*
recipients that don't appear here.
It makes no judgement on the RHS of the aliases.

> Familyname.com #Family Domain for Mail
>
> steve@familyname.com steve
>
> sister@familyname.com sister
>
> aunt@familyname.com auntsaddress@cox.net
>
> dad@familyname.com dadsaddress@gmail.com
>
> Like you, I'm also running a pre-2.8 build (2.6.5).
>

Um. pre-2.8 means I run a pre-release build of postfix 2.8 with the
postscreen code patched into it.

Postscreen doesn't work on earlier versions, and is still not finalized
AFAIK.

> I hadn't heard of postscreen until just now, but I'll check it out.
>

That would be why. Don't worry about it, you can do fine without.

> Would you mind sharing (anonymized if you wish) some examples of
> permutations of your IP and hostname(s) to reject from your
> helo_access file? What types of permutations are classically used by
> spammers that I can safely block without rejecting legitimate mail?
>

Just list your literal IP and hostname(s) to start with.
Many spammers try to circumvent remote client restrictions that way.

> *From:* owner-postfix-users@postfix.org
> [mailto:owner-postfix-users@postfix.org] *On Behalf Of *Jeroen Geilman
> *Sent:* Tuesday, October 19, 2010 7:10 PM
> *To:* postfix-users@postfix.org
> *Subject:* Re: Fighting Backscatter
>
>
> Oh, and please don't top-post.
> J.
>

And you're still top-posting.

-- J.
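
The two suggestions in this reply (list your own literal IP and hostname(s) in a helo_access file, and add the zen RBL check) can be sketched as follows. This is an added example, not part of the original message: the address 192.0.2.25, the names under example.com, the path /etc/postfix/helo_access and the reject text are constructed placeholders, while the main.cf parameter names in the comments are standard Postfix ones.

```shell
#!/bin/sh
# Added example: build a Postfix access(5) table that rejects clients which
# announce *this server's own* identity in HELO/EHLO.
# All addresses and hostnames used here are constructed placeholders.

# gen_helo_access IP HOSTNAME [HOSTNAME...]
# Prints one "key action" line per identity: the address as given, the same
# address as a bracketed address literal, and every hostname.
gen_helo_access() {
    ip=$1
    shift
    msg="REJECT You are not me"   # hypothetical reject text
    printf '%s %s\n' "$ip" "$msg"
    printf '[%s] %s\n' "$ip" "$msg"
    for name in "$@"; do
        # Postfix folds the search string to lowercase before the lookup,
        # so the keys are written in lowercase as well.
        key=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        printf '%s %s\n' "$key" "$msg"
    done
}

# Sample run with constructed values; on a real server the output would be
# redirected to /etc/postfix/helo_access (assumed path).
gen_helo_access 192.0.2.25 mail.example.com example.com

# Wiring it into main.cf (trusted clients are exempted first):
#
#   smtpd_helo_required = yes
#   smtpd_helo_restrictions = permit_mynetworks,
#       permit_sasl_authenticated,
#       check_helo_access hash:/etc/postfix/helo_access
#
# The RBL check goes into smtpd_recipient_restrictions, after
# reject_unauth_destination:
#
#       reject_rbl_client zen.spamhaus.org
#
# Then compile the table and reload:
#
#   postmap /etc/postfix/helo_access && postfix reload
```

Because permit_mynetworks and permit_sasl_authenticated come before the map lookup, the server's own submissions and authenticated users are not affected by the REJECT entries.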