Mike McGinn:
> I am getting some backscatter problems lately.

If you are receiving backscatter mail, then filtering on client
properties won't do much good, because in this case the clients
are real mail servers, not spambots.

Instead, reject mail for non-existent recipients if possible,
and try to do some content filtering as outlined in
http://www.postfix.org/BACKSCATTER_README.html

If the backscatter is affecting a specific recipient, then there
may be no other option than to reply 450 to all requests except those
from clients that he/she has exchanged email with in the past.

Before writing down examples it is good to know what the problem is.

	Wietse

> I used to have the line:
> reject_unknown_reverse_client_hostname,
> in my smtpd_client_restrictions but I commented it out because an important
> client is on a microsoft cloud and had been having problems sending mail to
> us.
>
> Would adding the reject_unknown_reverse_client_hostname help with the
> backscatter? If it does, is there any other way to deal with these microsoft
> clouds and their screwed up reverse DNS?
>
> I am not a mailguy, our mailguy was downsized along with all the other tech
> staff except me. I write all the code here, but I have been lurking on this
> list for over a year.
>
> Thanks a bunch,
> Mike
>
> My postconf dump is below:
> alias_database = $alias_maps
> alias_maps = hash:/etc/aliases
> anvil_rate_time_unit = 180s
> biff = no
> body_checks = pcre:$config_directory/pcre.body_checks
> body_checks_size_limit = 1572864
> broken_sasl_auth_clients = yes
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> default_privs = nobody
> disable_vrfy_command = yes
> dovecot_destination_recipient_limit = 1
> fast_flush_domains =
> header_checks = pcre:$config_directory/pcre.header_checks
> html_directory = /usr/local/share/doc/postfix
> in_flow_delay = 1s
> inet_interfaces = $myhostname, localhost
> inet_protocols = ipv4
> local_recipient_maps = unix:passwd.byname $alias_maps
> mail_owner = postfix
> mailbox_size_limit = 0
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 67108864
> milter_default_action = accept
> mime_header_checks = pcre:$config_directory/pcre.mime_header_checks
> mydestination = $myhostname, localhost
> mydomain = $myhostname
> myhostname = mailhost.intelacom.com
> mynetworks = 162.42.195.80, 162.42.195.41, 162.42.195.148,162.42.195.134,
>     162.42.195.135, 162.42.195.136, 75.127.176.42, 75.127.176.43, 75.127.176.44,
>     127.0.0.1
> myorigin = $myhostname
> nested_header_checks =
> newaliases_path = /usr/local/bin/newaliases
> notify_classes = 2bounce, delay, resource, software
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
>     $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
>     $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
>     $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
>     $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
>     $virtual_mailbox_domains $virtual_mailbox_maps $virtual_alias_maps
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> recipient_delimiter = +
> relay_domains = cdb:$config_directory/cdb.relay_domains
> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> slow_destination_concurrency_limit = 2
> slow_destination_recipient_limit = 20
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_connection_count_limit = 30
> smtpd_client_connection_rate_limit = 50
> smtpd_client_port_logging = yes
> smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
>     check_recipient_access pcre:$config_directory/pcre.whitelist_allow,
>     warn_if_reject reject_unknown_client_hostname, warn_if_reject
>     reject_rbl_client bl.spamcop.net, warn_if_reject reject_rbl_client
>     psbl.surriel.com, reject_rbl_client zen.spamhaus.org,
>     reject_rhsbl_reverse_client dbl.spamhaus.org
> smtpd_data_restrictions = reject_multi_recipient_bounce,
>     reject_unauth_pipelining, permit
> smtpd_discard_ehlo_keywords = silent-discard, dsn
> smtpd_end_of_data_restrictions = check_policy_service unix:private/checkquota
> smtpd_error_sleep_time = ${stress?1s}${stress:5s}
> smtpd_hard_error_limit = ${stress?1}${stress:20}
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
>     check_recipient_access pcre:$config_directory/pcre.whitelist_allow,
>     check_helo_access pcre:$config_directory/pcre.helo_access,
>     reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
>     reject_rhsbl_helo
>     dbl.spamhaus.org
> smtpd_junk_command_limit = ${stress?1}${stress:50}
> smtpd_milters = unix:/var/run/clamav/clmilter.sock
> smtpd_recipient_limit = 300
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
>     reject_unauth_destination, reject_unauth_pipelining,
>     reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_exceptions_networks = $mynetworks
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
>     reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_mx_access
>     cidr:$config_directory/cidr.sender_mx_access, check_sender_mx_access cdb:
>     $config_directory/cdb.sender_mx_access, check_recipient_access pcre:
>     $config_directory/pcre.whitelist_allow, reject_rhsbl_sender dbl.spamhaus.org
> smtpd_soft_error_limit = ${stress?5}${stress:10}
> smtpd_timeout = ${stress?10s}${stress:120s}
> smtpd_tls_cert_file = /etc/ssl/mailhost.pem
> smtpd_tls_key_file = /etc/ssl/mailhost.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = no
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:
>     $data_directory/smtpd_tls_session_cache
> soft_bounce = no
> spamass_destination_recipient_limit = 1
> strict_rfc821_envelopes = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = cdb:$config_directory/cdb.transport_maps
> unknown_address_reject_code = 550
> unknown_client_reject_code = 550
> unknown_hostname_reject_code = 550
> unknown_local_recipient_reject_code = 550
> unverified_recipient_reject_code = 550
> unverified_sender_reject_code = 550
> virtual_alias_maps = proxy:mysql:$config_directory/virtual_alias_maps.cf
>     proxy:mysql:$config_directory/virtual_catchall_maps.cf
> virtual_mailbox_domains = proxy:mysql:
>     $config_directory/virtual_mailbox_domains.cf
> virtual_mailbox_maps = proxy:mysql:$config_directory/virtual_mailbox_maps.cf
> virtual_transport = dovecot
>
>
> --
> Mike McGinn KD2CNU
> Ex Uno Plurima
> No electrons were harmed in sending this message, some were inconvenienced.
> ** Registered Linux User 377849
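
Added example (not from the original thread, and not Postfix code): one way to find out whether null-sender mail, which is how bounces and therefore backscatter arrive, is concentrated on a specific recipient, by correlating qmgr, delivery and reject lines in the mail log. The log lines are constructed, and the function names, the example.com addresses and the short hexadecimal queue IDs are assumptions.

```python
import re
from collections import Counter

# Constructed Postfix syslog lines (illustrative only, not from the thread).
SAMPLE_LOG = """\
Mar  3 10:00:01 mailhost postfix/qmgr[911]: 4A1B2C3D4E: from=<>, size=3120, nrcpt=1 (queue active)
Mar  3 10:00:02 mailhost postfix/pipe[944]: 4A1B2C3D4E: to=<alice@example.com>, relay=dovecot, delay=0.4, status=sent (delivered via dovecot service)
Mar  3 10:00:05 mailhost postfix/qmgr[911]: 5B2C3D4E5F: from=<>, size=2980, nrcpt=1 (queue active)
Mar  3 10:00:06 mailhost postfix/pipe[945]: 5B2C3D4E5F: to=<alice@example.com>, relay=dovecot, delay=0.3, status=sent (delivered via dovecot service)
Mar  3 10:00:09 mailhost postfix/qmgr[911]: 6C3D4E5F60: from=<bob@example.net>, size=1500, nrcpt=1 (queue active)
Mar  3 10:00:10 mailhost postfix/pipe[946]: 6C3D4E5F60: to=<carol@example.com>, relay=dovecot, delay=0.2, status=sent (delivered via dovecot service)
Mar  3 10:00:12 mailhost postfix/smtpd[950]: NOQUEUE: reject: RCPT from mx.example.org[192.0.2.10]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<nobody@example.com> proto=ESMTP helo=<mx.example.org>
Mar  3 10:00:15 mailhost postfix/qmgr[911]: 7D4E5F6071: from=<>, size=4100, nrcpt=1 (queue active)
Mar  3 10:00:16 mailhost postfix/pipe[947]: 7D4E5F6071: to=<dave@example.com>, relay=dovecot, delay=0.5, status=sent (delivered via dovecot service)
"""

# Assumes short (hexadecimal) queue IDs, as in the sample lines above.
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
DELIVERY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=<([^>]+)>.*status=sent")
REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S+: \d{3} .*from=<([^>]*)> to=<([^>]+)>")

def null_sender_profile(log_text):
    """Return (accepted, rejected) Counters of recipients for mail from the null sender <>."""
    null_ids = set()
    accepted, rejected = Counter(), Counter()
    for line in log_text.splitlines():
        if m := QMGR_FROM.search(line):
            if m.group(2) == "":          # envelope sender is <>
                null_ids.add(m.group(1))
        elif m := DELIVERY.search(line):
            if m.group(1) in null_ids:    # delivered message had a null sender
                accepted[m.group(2).lower()] += 1
        elif m := REJECT.search(line):
            if m.group(1) == "":          # null-sender mail refused at RCPT TO
                rejected[m.group(2).lower()] += 1
    return accepted, rejected

def concentrated_on(accepted, share=0.5):
    """Return the recipient receiving more than `share` of accepted null-sender mail, else None."""
    total = sum(accepted.values())
    if not total:
        return None
    rcpt, n = accepted.most_common(1)[0]
    return rcpt if n / total > share else None

if __name__ == "__main__":
    acc, rej = null_sender_profile(SAMPLE_LOG)
    print("accepted:", dict(acc), "rejected:", dict(rej), "focus:", concentrated_on(acc))
```

Null-sender mail also includes legitimate bounces and auto-replies, so the counts show where to look, not what to block.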