On 04.02.21 09:08, ludic...@gmail.com wrote:
> Just a few hosts, but a lot of Spam. There is a pattern there, they all use
>
> Return-Path: <MAILER-DAEMON>
>
> to disguise as a bounce and bypass any further checks.
>
> So the PCRE header check
>
> /^Return-Path: <MAILER-DAEMON>/   REJECT Forged Return-Path
>
> does not catch.

Are you sure it's a Return-Path header?
Usually, the envelope sender is put into Return-Path, so you may need to block
the envelope sender MAILER-DAEMON.
You can see Return-Path after delivery to mbox, but it's often not generated
before that, so at SMTP level it may not exist.

I catch those by putting reject_non_fqdn_sender into
smtpd_sender_restrictions:

Jan 18 09:17:31 smtp1 postfix/smtpd[13065]: NOQUEUE: reject: RCPT from
xxx.xxx.xxx[a.b.c.d]: 504 5.5.2 <MAILER-DAEMON>: Sender address
rejected: need fully-qualified address; from=<MAILER-DAEMON>
to=<y...@yyy.yy> proto=ESMTP helo=<xxx.xxx.xxx>


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Atheism is a non-prophet organization.
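
Added example (not part of the original thread): parsing smtpd reject lines in the format quoted above to count, per client IP, the rejected attempts that used the literal envelope sender MAILER-DAEMON, as opposed to the null sender `<>`. The log lines, hosts and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the reject line quoted above;
# hosts, IPs (documentation ranges) and addresses are made up.
SAMPLE_LOG = """\
Jan 18 09:17:31 smtp1 postfix/smtpd[13065]: NOQUEUE: reject: RCPT from host1.example[192.0.2.10]: 504 5.5.2 <MAILER-DAEMON>: Sender address rejected: need fully-qualified address; from=<MAILER-DAEMON> to=<user@example.org> proto=ESMTP helo=<host1.example>
Jan 18 09:17:40 smtp1 postfix/smtpd[13065]: NOQUEUE: reject: RCPT from host1.example[192.0.2.10]: 504 5.5.2 <MAILER-DAEMON>: Sender address rejected: need fully-qualified address; from=<MAILER-DAEMON> to=<info@example.org> proto=ESMTP helo=<host1.example>
Jan 18 09:18:02 smtp1 postfix/smtpd[13070]: NOQUEUE: reject: RCPT from host2.example[198.51.100.7]: 504 5.5.2 <MAILER-DAEMON>: Sender address rejected: need fully-qualified address; from=<MAILER-DAEMON> to=<user@example.org> proto=ESMTP helo=<host2.example>
Jan 18 09:19:11 smtp1 postfix/smtpd[13071]: NOQUEUE: reject: RCPT from mx.example.net[203.0.113.5]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody@example.org> proto=ESMTP helo=<mx.example.net>
Jan 18 09:19:30 smtp1 postfix/smtpd[13071]: disconnect from mx.example.net[203.0.113.5]
"""

# The envelope sender is the from=<...> field, not a Return-Path header.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r".*?; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def classify_sender(sender):
    """Classify an envelope sender as 'null', 'fqdn' or 'non-fqdn'."""
    if sender == "":
        return "null"  # null reverse-path, which a real bounce uses (RFC 5321)
    if "@" not in sender:
        return "non-fqdn"  # e.g. the bare word MAILER-DAEMON
    domain = sender.rsplit("@", 1)[1]
    return "fqdn" if "." in domain else "non-fqdn"


def fake_bounce_clients(log_text):
    """Count reject lines per client IP whose envelope sender is MAILER-DAEMON."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m and m["sender"].upper() == "MAILER-DAEMON":
            hits[m["ip"]] += 1
    return hits


if __name__ == "__main__":
    for ip, count in fake_bounce_clients(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count}")
```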
