From: Linux Addict on 24 May 2010 14:05

Hello,

One of my postfix servers is sending thousands of messages to non-existent mail box in another internal server. The internal application sends mail as mailbox1(a)domain.net thru postfix. The TO addresses are invalid. I need to reject messages from those domains not resolved.

to=<DMR0613420524125827853(a)dsaperftest.edu>, relay=none, delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=dsaperftest.edu type=A: Host not found)

thank you
LA

From: Linux Addict on 24 May 2010 14:10

On Mon, May 24, 2010 at 2:05 PM, Linux Addict <linuxaddict7(a)gmail.com> wrote:

> Hello, One of my postfix servers is sending thousands of messages to
> non-existent mail box in another internal server. The internal application
> sends mail as mailbox1(a)domain.net thru postfix. The TO addresses are
> invalid. I need to reject messages from those domains not resolved.
>
> to=<DMR0613420524125827853(a)dsaperftest.edu>, relay=none, delay=0.05,
> delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not
> found. Name service error for name=dsaperftest.edu type=A: Host not found)
>
> thank you
> LA

These are the restrictions. Surely the host which is sending spam is part of mynetworks.

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client proxies.blackholes.wirehub.net,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client multihop.dsbl.org,
    permit
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
transport_maps = hash:/etc/postfix/transport
smtpd_recipient_limit = 300
data_directory = /var/lib/postfix
smtpd_tls_wrappermode = no

From: John Adams on 24 May 2010 14:25

On 24.05.2010 20:05, Linux Addict wrote:

> Hello, One of my postfix servers is sending thousands of messages to
> non-existent mail box in another internal server. The internal
> application sends mail as mailbox1(a)domain.net thru postfix. The TO
> addresses are invalid. I need to reject messages from those domains not
> resolved.
>
> to=<DMR0613420524125827853(a)dsaperftest.edu>, relay=none,
> delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or
> domain name not found. Name service error for name=dsaperftest.edu
> type=A: Host not found)
>
> thank you
> LA

Well, if it's one of your hosts doing the spamming, turn off the application that is causing it. Or blacklist the sender host's IP address on the first receiving smtp server. Or do some sender address verification on your mail gateway (or however your email architecture looks like - I have no idea).

From: Linux Addict on 24 May 2010 14:58

On Mon, May 24, 2010 at 2:25 PM, John Adams <mailinglists(a)belfin.ch> wrote:

> On 24.05.2010 20:05, Linux Addict wrote:
>
>> Hello, One of my postfix servers is sending thousands of messages to
>> non-existent mail box in another internal server. The internal
>> application sends mail as mailbox1(a)domain.net thru postfix. The TO
>> addresses are invalid. I need to reject messages from those domains not
>> resolved.
>>
>> to=<DMR0613420524125827853(a)dsaperftest.edu>, relay=none,
>> delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or
>> domain name not found. Name service error for name=dsaperftest.edu
>> type=A: Host not found)
>>
>> thank you
>> LA
>
> Well, if it's one of your hosts doing the spamming, turn off the application
> that is causing it. Or blacklist the sender host's IP address on the first
> receiving smtp server. Or do some sender address verification on your mail
> gateway (or however your email architecture looks like - I have no idea).

The postfix MX are behind a load balancer so they don't show the actual IP. I stopped the postfix, then did postcat on one of the queued messages and found the spam host.

Thanks for your help.

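Added example (not part of the original thread): a Python script that finds floods of `dsn=5.4.4` bounces like the one quoted above by joining Postfix log lines on queue ID and grouping them by submitting client, envelope sender and recipient domain. The sample log is constructed; its hostnames, PIDs, queue IDs, recipient addresses and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (hosts, PIDs, queue IDs are made up).
SAMPLE_LOG = """\
May 24 14:01:02 mx1 postfix/smtpd[2101]: 3A1F2C0011: client=lb1.example.internal[10.0.0.10]
May 24 14:01:02 mx1 postfix/qmgr[1822]: 3A1F2C0011: from=<mailbox1@domain.net>, size=2048, nrcpt=3 (queue active)
May 24 14:01:02 mx1 postfix/smtp[2140]: 3A1F2C0011: to=<DMR0001@dsaperftest.edu>, relay=none, delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=dsaperftest.edu type=A: Host not found)
May 24 14:01:02 mx1 postfix/smtp[2140]: 3A1F2C0011: to=<DMR0002@dsaperftest.edu>, relay=none, delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=dsaperftest.edu type=A: Host not found)
May 24 14:01:02 mx1 postfix/smtp[2140]: 3A1F2C0011: to=<DMR0003@dsaperftest.edu>, relay=none, delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=dsaperftest.edu type=A: Host not found)
May 24 14:02:10 mx1 postfix/smtpd[2101]: 7B22D40012: client=app2.example.internal[10.0.0.22]
May 24 14:02:10 mx1 postfix/qmgr[1822]: 7B22D40012: from=<reports@domain.net>, size=900, nrcpt=2 (queue active)
May 24 14:02:11 mx1 postfix/smtp[2141]: 7B22D40012: to=<ops@example.org>, relay=mail.example.org[192.0.2.25]:25, delay=0.4, delays=0.01/0/0.2/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C01)
May 24 14:02:11 mx1 postfix/smtp[2141]: 7B22D40012: to=<typo@exampel.invalid>, relay=none, delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=exampel.invalid type=A: Host not found)
"""

LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
CLIENT = re.compile(r"client=(\S+)")
SENDER = re.compile(r"from=<([^>]*)>")
# Only "domain not found" bounces (enhanced status 5.4.4), as in the thread.
BOUNCE = re.compile(r"to=<[^>@]*@([^>]+)>.*\bdsn=5\.4\.4, status=bounced")

def summarize_bounces(lines):
    """Count 5.4.4 bounces per (client, envelope sender, recipient domain)."""
    client, sender, hits = {}, {}, Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        if m["svc"] == "smtpd" and (c := CLIENT.match(rest)):
            client[qid] = c[1]      # who handed the message to smtpd
        elif m["svc"] == "qmgr" and (s := SENDER.match(rest)):
            sender[qid] = s[1]      # envelope sender recorded by qmgr
        elif b := BOUNCE.match(rest):
            hits[(client.get(qid, "?"), sender.get(qid, "?"), b[1].lower())] += 1
    return hits

def noisy_sources(lines, threshold=3):
    """Return only the groups with at least `threshold` bounces."""
    return {k: n for k, n in summarize_bounces(lines).items() if n >= threshold}

if __name__ == "__main__":
    for key, count in noisy_sources(SAMPLE_LOG.splitlines()).items():
        print(count, *key)
```

Behind a load balancer, as in this thread, `client=` is the balancer's address, so the sender and recipient-domain columns are what narrow the search before a queued message is inspected with postcat.
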
From: Brian Evans - Postfix List on 24 May 2010 15:37

On 5/24/2010 2:10 PM, Linux Addict wrote:

> These are the restrictions. Surely the host which is sending spam is
> part of mynetworks.
>
> smtpd_recipient_restrictions = [snip]
>     reject_rbl_client blackholes.easynet.nl,
>     reject_rbl_client cbl.abuseat.org,
>     reject_rbl_client proxies.blackholes.wirehub.net,
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client sbl.spamhaus.org,
>     reject_rbl_client dnsbl.njabl.org,
>     reject_rbl_client list.dsbl.org,
>     reject_rbl_client multihop.dsbl.org,
>     permit

It's great that you've solved your issue.

You may want to note that the dsbl, easynet and wirehub lists have been dead for a long time now. I suggest removal.

If you so desire, it is possible to combine cbl.abuseat.org and sbl.spamhaus.org by using sbl-xbl.spamhaus.org and get a few more feeds at the same time. zen.spamhaus.org may be a consideration too if it suits your needs.

IMHO, it is good practice for a mail admin to review the blacklists in use from time to time.

Brian