> On Mar 22, 2018, at 7:58 PM, mj <li...@merit.unu.edu> wrote:
>
> On 03/23/2018 12:42 AM, Viktor Dukhovni wrote:
>> Almost certainly bounces, which did not come in via SMTP, they are originated
>> locally, when inbound mail from mail.ru is undeliverable, and sent outbound
>> via the smarthost.
> Yes, they are originated locally, yes, using a webform that is currently
> being abused.
>
>>> How can I make sure that this particular postfix instance will DISALLOW
>>> sending ANY email to @mail.ru?
>> Seems a rather harsh policy, but if you must:
>> transport:
>> mail.ru error:5.1.2 Destination domain blacklisted
>
> It's very harsh, but we'll do it just for the time being, until we have fixed
> the webform.
If you have a compromised webform, DISABLE it, don't try to put on bandaids, or
assume that all the abuse will go to just one domain.
> Your solution works super, thanks a lot!
>
> Is there perhaps also another error code we can use, that blackholes the
> email, instead of politely bouncing it with a "Diagnostic-Code: X-Postfix;
> Destination domain blacklisted"?
Yes, but the right answer is turn off the webform until you can replace it
with something that is not open to abuse.
--
Viktor.
