postfix-users October 2010 archive
postfix-users: postfix doubling emails and spam!


From: Al Zick <al_at_nospam>
Date: Wed Oct 27 2010 - 15:37:10 GMT
To: postfix-users@postfix.org

Hi,

I hope that someone can help me. Last night I had a strange problem.
Every email that came in was there twice. Emails that I would
normally get 2 copies of, I received 4 copies of. Any ideas on what
could cause this?
Also, it seemed to be working correctly this morning, but for hours
it duplicated messages. I think it is because of some spammer
attempting to relay or send me spam.

The spam problem is incredible. Out of maybe 100 emails, 98 of them
are spam and there are even more attempts to send spam that are
rejected by Postfix.

I have this in my main.cf:
smtpd_helo_required = yes
#smtpd_client_restrictions = reject_unknown_client
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
         permit_mynetworks,
         reject_unauth_destination,
         reject_invalid_hostname,
         reject_unauth_pipelining,
         reject_non_fqdn_sender,
         reject_unknown_sender_domain,
         reject_non_fqdn_recipient,
         reject_unknown_recipient_domain,
         reject_rbl_client bl.spamcop.net,
         reject_rbl_client cbl.abuseat.org,
         permit

I then have postfix pass the email to procmail where it is filtered
with bogofilter. I keep giving bogofilter more spam to look at, but
it doesn't seem to block all the spam anymore, although it blocks
some spam. When I first installed it, bogofilter worked very well.

The other thing that is very disturbing to me is that twice last week
my mail server went down. I guess from all the repeated attempts to
use it as an open relay. From everything I have seen in the logs,
postfix successfully stops all relay attempts.

The other thing that I see in the log is attempts to send emails to
email addresses that never existed. For example: admin@datazap.net is
a valid email address. Why do I see 10,000's of attempts to send email to
adminDD@datazap.net in my log? This has never been a valid email
address.

I was using other rbls. This was a mistake: way too many false
positives. Does anyone have a list of good rbl_clients?

One thing that I don't like is that Postfix rejects all the emails.
I think this is a mistake, because I am telling the spammers that it
didn't work. I think it would be best to put those emails into a spam
folder. I did install rblcheck, but I can't find documentation for
using it with Postfix/procmail.

Also, I had tried to set up Postfix so that it would just accept all
emails. I configured it to not use its recipient table and would
just accept emails. I also added *@familysafeinternet.com for example
and I did this for all my virtual domains. Within a few hours, it
took all the load off of postfix (in fact the Postfix log hardly
moved), but where it failed is that bogofilter still tried to filter
all the emails. How would I get these emails to be bypassed by
bogofilter? I would think I should just be able to add a rule to
procmail, but I have not been able to get this to work. Also, it
would be great if I could add more rules into procmail to filter
email, instead of using bogofilter. I have found some recipes for
this, none of which seem to work. Also, is there a better way to
set up Postfix so that it would accept all emails? Maybe someone has
a better solution.

Sincerely,
Al
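
Added example, not part of Al's post: a Python tally of Postfix smtpd reject lines that shows which check in the main.cf above is producing the rejects and which client IPs are probing many nonexistent recipients such as adminDD@datazap.net. The log lines are constructed samples in the common Postfix reject format, and `classify`, `summarize` and the `min_distinct` threshold are names chosen for this illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed log lines in the usual Postfix smtpd reject format (not from the post).
SAMPLE_LOG = """\
Oct 27 03:12:01 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Oct 27 03:12:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adminDD@datazap.net>: Recipient address rejected: User unknown in local recipient table; from=<a@example.com> to=<adminDD@datazap.net> proto=ESMTP helo=<example.com>
Oct 27 03:12:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adminAB@datazap.net>: Recipient address rejected: User unknown in local recipient table; from=<a@example.com> to=<adminAB@datazap.net> proto=ESMTP helo=<example.com>
Oct 27 03:12:04 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <admin01@datazap.net>: Recipient address rejected: User unknown in local recipient table; from=<> to=<admin01@datazap.net> proto=ESMTP helo=<example.com>
Oct 27 03:13:10 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <victim@example.org>: Relay access denied; from=<s@example.net> to=<victim@example.org> proto=SMTP helo=<x>
Oct 27 03:14:30 mail postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?203.0.113.5; from=<b@example.com> to=<admin@datazap.net> proto=ESMTP helo=<y>
Oct 27 03:15:00 mail postfix/smtpd[2113]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.44]: 550 5.1.1 <admn@datazap.net>: Recipient address rejected: User unknown in local recipient table; from=<c@example.net> to=<admn@datazap.net> proto=ESMTP helo=<mx.example.net>
"""

REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: "
    r"\d{3} (?:\d\.\d+\.\d+ )?(?P<reason>.*?); from=<[^>]*> to=<(?P<rcpt>[^>]*)>"
)

def classify(reason):
    """Map the reject text to a coarse cause."""
    zone = re.search(r"blocked using ([^;\s]+)", reason)
    if zone:
        return "rbl:" + zone.group(1)
    if "Relay access denied" in reason:
        return "relay_denied"
    if "User unknown" in reason:
        return "unknown_recipient"
    return "other"

def summarize(log_text, min_distinct=3):
    """Count rejects per cause and list clients probing many nonexistent recipients."""
    by_cause = Counter()
    probes = defaultdict(set)          # client IP -> distinct unknown recipients tried
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue                   # not an smtpd RCPT reject
        cause = classify(m.group("reason"))
        by_cause[cause] += 1
        if cause == "unknown_recipient":
            probes[m.group("ip")].add(m.group("rcpt").lower())
    harvesters = {ip: sorted(r) for ip, r in probes.items() if len(r) >= min_distinct}
    return by_cause, harvesters

if __name__ == "__main__":
    causes, harvesters = summarize(SAMPLE_LOG)
    print(dict(causes))
    print(harvesters)
```

A single mistyped recipient from one client (192.0.2.44 in the sample) stays below the threshold, while a client working through adminXX-style variants is listed with every address it tried.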