Hi, I have a backscatter problem wherein users receive emails from valid company addresses, but based on the content of the message it is obviously spam. I'm using postfix 2.5 with virtual domains using mysql + dovecot and mailscanner, and I've already read http://www.postfix.org/BACKSCATTER_README.html; however, I'm not sure how to go about it since I'm using mysql lookups. This is my postconf -n:
[r...@kartero ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.5.5-documentation/html
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = bl.spamcop.net
message_size_limit = 40960000
mydestination = localhost
mydomain = example.com
myhostname = kartero.example.com
mynetworks = 192.168.88.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5-documentation/readme
recipient_delimiter = +
relay_domains = $mydestination
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit_tls_all_clientcerts reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_rbl_client sbl-xbl.spamhaus.org reject_rhsbl_sender dsn.rfc-ignorant.org reject_rbl_client bl.spamcop.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/postfix/ssl/mail-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/mail-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /home/virtualmail
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150
# ---------------

My /etc/postfix/header_checks contains only the following:

/^Received:/ HOLD

According to the MailScanner docs, the above line is mandatory in order for MailScanner to work. What revisions do I need to add to header_checks in order to prevent backscatter? Is the following correct, and will it work?

if /^Received:/
/^Received:/ HOLD
/^Received: +from +(example\.com) +/ reject forged client name in Received: header: $1
/^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(example\.com)\)/ reject forged client name in Received: header: $2
/^Received:.* +by +(example\.com)\b/ reject forged mail server name in Received: header: $1
endif
/^Message-ID:.* <!&!/ DUNNO
/^Message-ID:.*@(example\.com)/ reject forged domain name in Message-ID: header: $1

TIA,
Jan