New Post Fix User

[datadan]

I am new to postfix. Our postfix system is current configured to send all undeliverable mail to postmaster.

There is a lot of it. Most are incorrect user id. Is there anyway I can filter out the delivery failures. For example:

* All wrong user ids reject without sending a mail to postmaster.
* All other undeliverable mails pass to postmaster.

Thanks,

 

[lgarner]

Add "reject_unauth_destination" to the "smtpd_recipient_restrictions" in main.cf

 

[gbaughma]

Yeah. Congratulations. You're probably being harvested; I was for quite a while.

My maillog was FULL of apple@mydomain.com angie@mydomain.com adam@mydomain.com etc. etc. ad nauseum.



Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

 

[datadan]

My rules posted below. I do have "reject_unauth_destination" posted. Let me be more specific. I want to turn on bounce (I had to turn it off the volume was so great).
# notify_classes = bounce, delay, policy, protocol, resource, software
I want to differentiate between external emails incoming to the wrong address (don't want to see) and outgoing email to the wrong address (I do want to see).

How can I accomplish?
Thanks,



smtpd_recipient_restrictions = permit_sasl_authenticated
reject_unauth_destination
check_sender_access hash:/etc/postfix/maps/disallow_my_domain
check_recipient_access hash:/etc/postfix/maps/spamtrap
reject_unauth_pipelining
reject_non_fqdn_sender
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/maps/mx_access
reject_multi_recipient_bounce
reject_non_fqdn_recipient
reject_unknown_recipient_domain
check_recipient_mx_access hash:/etc/postfix/maps/mx_access
check_sender_access hash:/etc/postfix/maps/frequently_forged_senders
permit

 

[gbaughma]

If you're being harvested, bouncing the mail is just what they're expecting.

I had it pass a "Service not available" if they tried to deliver to someone that didn't exist on my system.... that tends to foil the harvesters a little better.



Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg

 

[datadan]

gbaughma,

1) What is the command for pass a "Service not available" and where do I put it?

2) If your system drops mails to the wrong address how does it distinguish between harvesters and people who accidentily type the wrong address (if not bounced, they think the message went through and all is well).

Thanks

 

[datadan]

gbaughma,

Are you there?

I am still getting hammered by source1 sending my server bad incoming address and then my postfix rejected to the faked source2 specified in their headers. Moreover, the receipients of the bounced email seem to think that my server is now the source of the spam.

Can postfix reject back to the source it came from rather than the faked reply-to?

Or better yet if the reply-to is incosistent with the source -- just drop altogether.?


Thanks,

 

[gbaughma]

Sorry... I was out of town for a couple of weeks, and my DSL in the hotel stunk.

Meanwhile, try including these lines in your main.cf

unknown_client_reject_code = 554
unknown_hostname_reject_code = 554

.... this won't stop them from attempting to harvest you, but will at least make their software THINK that you're not running e-mail....



Just my $0.02

"In order to start solving a problem, one must first identify its owner." --Me
--Greg