First, thanks for reading this email.

Recently I have been getting hit with a lot of dictionary attacks, and I was
wondering if someone can shed some light on this.

I am using the following Postfix options:

smtpd_sender_restrictions = permit_mynetworks, reject_unauth_pipelining,
    reject_non_fqdn_sender, reject_unknown_sender_domain, reject_rbl_client
    bl.spamcop.net, reject_rbl_client b.barracudacentral.org, permit

smtpd_recipient_restrictions = regexp:/etc/postfix/recipient_regexp,
    reject_unauth_pipelining, reject_unknown_recipient_domain,
    permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

Notice the email is first rejected because of
"reject_unknown_recipient_domain", but then the same email (same message ID)
is accepted with 47 recipients. I thought that once there was an unknown
recipient domain, the whole email would be rejected/deferred back to the
sender. I'm confused as to why the email was delivered.

Nov 10 04:10:04 mrelay1 postfix/smtpd[25678]: E287230E8F0:
client=unknown[94.242.206.37], sasl_method=LOGIN, sasl_username=Paramus

Nov 10 04:10:07 mrelay1 postfix/smtpd[25678]: E287230E8F0: reject: RCPT from
unknown[94.242.206.37]: 450 4.1.2 <dsurgeoncli...@freemail.absa.co.za>:
Recipient address rejected: Domain not found; from=<i...@fnb.co.za>
to=<dsurgeoncli...@freemail.absa.co.za> proto=ESMTP helo=<User>

Nov 10 04:10:10 mrelay1 postfix/smtpd[25678]: E287230E8F0: reject: RCPT from
unknown[94.242.206.37]: 450 4.1.2 <d...@physics.uct.ac.za>: Recipient address
rejected: Domain not found; from=<i...@fnb.co.za> to=<d...@physics.uct.ac.za>
proto=ESMTP helo=<User>

 

Nov 10 04:10:23 mrelay1 postfix/cleanup[25677]: E287230E8F0:
message-id=20101110091004.e287230e...@mrelay1.xxxx.xx

Nov 10 04:10:23 mrelay1 postfix/qmgr[4833]: E287230E8F0:
from=<i...@fnb.co.za>, size=11697, nrcpt=47 (queue active)

 

I'm having a hard time trying to stop spammers from relaying mail through
this server. We need SASL auth, and I can't set any unknown-client
restrictions because we have customers who connect from IPs that don't have
reverse/forward DNS, like some Comcast IPs. I was wondering if someone has
any suggestions.

I'm also using the following options:

strict_rfc821_envelopes = yes

smtp_rset_timeout = 30s

smtpd_soft_error_limit = 3

smtpd_hard_error_limit = 4
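
Added example, not part of the original message: a Python script that groups Postfix log lines by queue ID, so that for each message the authenticated SASL user, the number of per-recipient RCPT rejects and the number of recipients actually queued (nrcpt) appear side by side. The sample log is constructed in the format of the excerpt above; the function names and the 20-recipient threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the message; the queue IDs,
# addresses, user names and (documentation-range) IPs are made up.
SAMPLE_LOG = """\
Nov 10 04:10:04 mrelay1 postfix/smtpd[25678]: A1B2C3D4E5F: client=unknown[192.0.2.37], sasl_method=LOGIN, sasl_username=user1
Nov 10 04:10:07 mrelay1 postfix/smtpd[25678]: A1B2C3D4E5F: reject: RCPT from unknown[192.0.2.37]: 450 4.1.2 <a@nodomain.invalid>: Recipient address rejected: Domain not found; from=<x@example.com> to=<a@nodomain.invalid> proto=ESMTP helo=<User>
Nov 10 04:10:10 mrelay1 postfix/smtpd[25678]: A1B2C3D4E5F: reject: RCPT from unknown[192.0.2.37]: 450 4.1.2 <b@nodomain.invalid>: Recipient address rejected: Domain not found; from=<x@example.com> to=<b@nodomain.invalid> proto=ESMTP helo=<User>
Nov 10 04:10:23 mrelay1 postfix/qmgr[4833]: A1B2C3D4E5F: from=<x@example.com>, size=11697, nrcpt=47 (queue active)
Nov 10 04:12:00 mrelay1 postfix/smtpd[25700]: 0F9E8D7C6B5: client=mail.example.net[198.51.100.9], sasl_method=PLAIN, sasl_username=user2
Nov 10 04:12:01 mrelay1 postfix/qmgr[4833]: 0F9E8D7C6B5: from=<u@example.net>, size=2048, nrcpt=1 (queue active)
"""

# Lines without a hex queue ID (for example NOQUEUE rejects) are skipped.
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=[^\[]*\[([^\]]+)\]")
SASL_USER = re.compile(r"sasl_username=(\S+)")
NRCPT = re.compile(r"nrcpt=(\d+)")

def summarize(log_text):
    """Per queue ID: client IP, SASL user, rejected RCPTs, recipients queued."""
    msgs = defaultdict(lambda: {"ip": None, "sasl_user": None, "rejected": 0, "nrcpt": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        rec = msgs[qid]
        if (c := CLIENT.match(rest)):
            rec["ip"] = c.group(1)
            if (u := SASL_USER.search(rest)):
                rec["sasl_user"] = u.group(1)
        elif rest.startswith("reject: RCPT"):
            rec["rejected"] += 1          # one reject per recipient, not per message
        elif (n := NRCPT.search(rest)):
            rec["nrcpt"] = int(n.group(1))
    return dict(msgs)

def flag_relay_abuse(msgs, max_rcpt=20):
    """Queue IDs of authenticated messages with more recipients than max_rcpt (assumed threshold)."""
    return sorted(q for q, r in msgs.items() if r["sasl_user"] and r["nrcpt"] > max_rcpt)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for qid in flag_relay_abuse(report):
        print(qid, report[qid])
```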

 
