On 05/06/2026 09:29, Wietse Venema via Postfix-users wrote:
Charles Sprickman via Postfix-users:
Hi all,
This is a really basic question, and this should probably be
obvious, but I've been seeing spam/phishing come through that looks
like this:
From MAILER-DAEMON Tue Dec 02 13:31:02 2025
Return-Path: <>
Delivered-To: [email protected] (an anonymized valid address,
also postfix is fronting qmail here)
[...]
Is the short answer that this is valid because if we didn't accept
empty "mail from:" (envelope from), we'd never be accepting
legitimate bounce/error messages?
The null sender address is used for legitimate auto-generated
messages such as non-delivery notifications, message disposition
notifications, out-of-office, and so on. You would lose that if you
reject bounces.
To reject false bounces you would need deeper inspection that what
is built into Postfix.
It may be built into Gmail because they are drinking from a firehose
and can do analyses that would not be possible with a small-site
mail server.
Many forms of abuse can be stopped with a reputation service like
spamhaus.org which is free for small sites. It can be used with
smtpd_mumble_restrictions, or better, with Postfix's postscreen.
In addition to this, I would recommend some of postscreen's other
features to help eliminate non-legitimate sources of SPAM, then use a
list such as bascatterer.org to eliminate DSNs from known sources of
backscatter (which may very well help here), You can use these entries
in your smtpd_sender_restrictions:
inline:{{<>=reject_rbl_client ips.backscatterer.org=127.0.0.2},
{postmaster=reject_rbl_client ips.backscatterer.org=127.0.0.2}},
check_sender_access inline:{{<>=reject_rbl_client
backscatter.spameatingmonkey.net=127.0.0.2},
{postmaster=reject_rbl_client
backscatter.spameatingmonkey.net=127.0.0.2}},
Peter
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
