[lug] Lots o' email bounces

karl horlen horlenkarl at yahoo.com
Thu Jun 26 14:39:47 MDT 2008


Which one of the postfix config lines below actually solves the original question about the bounces when someone spoofs you as the sender?  

I'm trying to follow.  I don't think you can do that without using the SPF method which would prevent the bounce entirely.  However, SPF only works on those receiving email servers that implement it, meaning it's only foolproof at some percentage less than 100% for the bounce problem mentioned here.

A few more notes towards the bottom.  Read on.

> From: Ben <bluey at iguanaworks.net>
> Date: Thursday, June 26, 2008, 9:04 AM
> I find it's best to reject as much spam as possible at the mail server
> before filtering / spam assassin, etc. If it's a legit sender, they will
> get a bounce and know the e-mail didn't get through (as opposed to
> having it sit in a SPAM folder). And this keeps spam-assassin from
> getting flooded. I'm using Spamhaus (and spamcop) SBL lists and I find it
> works great. I haven't caught a false-positive off it yet. All of my
> false-positives come from a random company sending e-mails from a
> machine with an IP that doesn't resolve to DNS (in violation of some
> e-mail standard, I believe) or rarely someone sending with an invalid
> HELO name (localhost being my favorite).
> 
> I use postfix and these rules:
> 
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
>         permit_mynetworks,
>         check_helo_access hash:/etc/postfix/helo_access,
>         reject_non_fqdn_hostname,
>         reject_invalid_hostname,
>         permit
> ##reject anyone without a valid helo hostname. Must be fully qualified
> ##and not me (helo_access file)
> 
> 
> smtpd_sender_restrictions =
>         check_sender_access hash:/etc/postfix/sender_access
>         reject_non_fqdn_sender
>         permit_mynetworks
>         permit_sasl_authenticated
>         reject_rbl_client zen.spamhaus.org
>         reject_rbl_client bl.spamcop.net
>         reject_unknown_reverse_client_hostname
> ##sender_access is for whitelisting / blacklisting a few senders
> #check against spamhaus and spamcop as a known spammer.
> #make sure the connecting IP address has a dns resolution.
> 
> smtpd_recipient_restrictions =
>         permit_mynetworks
>         reject_non_fqdn_recipient
>         reject_unauth_destination
>         check_recipient_access hash:/etc/postfix/access
> #access file stops e-mails coming in to proxy@ or postfix@, etc. all
> #these internal "users" who shouldn't get e-mail.

So /etc/postfix/access is used to limit from the external / public network to local recipients, right?  Meaning that assuming you had a private network hooked to your mail server, postfix@ *would* work if it was coming from a private network host but not if it was coming from the public network.  That sound right?

> I get a daily e-mail listing all the blocked e-mail so I

What do you use to generate the report and what log files are the reports based on?

> can look for false-positives. Of 10 e-mails that come in, ~6 get
> rejected, 4 come through.

I'm trying to follow.  If 10 are flagged as blocked, I think what you're saying is that 6 are correctly flagged and 4 are incorrectly blocked but really should come through.  Is that right?

I'm new to the whole email server thing myself.  

> I believe this ratio used to be higher, but my incoming spam has gone
> down since I implemented this -- maybe some spammers got tired of the
> constant rejects on the sends?
> 
> Ben
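
A daily report of blocked mail like the one mentioned above can be built from the `NOQUEUE: reject:` lines that Postfix smtpd writes to the mail log. The following is an added example, not Ben's script or anything from the original thread; the log lines are constructed, and the function names and rule labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format Postfix smtpd writes to the mail log.
SAMPLE_LOG = """\
Jun 26 09:01:12 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<a@spam.example> to=<user@lug.example> proto=ESMTP helo=<mx.spam.example>
Jun 26 09:02:40 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [198.51.100.7]; from=<billing@vendor.example> to=<user@lug.example> proto=ESMTP helo=<mail.vendor.example>
Jun 26 09:03:05 mail postfix/smtpd[2110]: NOQUEUE: reject: RCPT from host.isp.example[192.0.2.44]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<bob@isp.example> to=<user@lug.example> proto=ESMTP helo=<localhost>
Jun 26 09:04:18 mail postfix/smtpd[2113]: NOQUEUE: reject: RCPT from mx.other.example[192.0.2.90]: 554 5.7.1 <postfix@lug.example>: Recipient address rejected: Access denied; from=<x@other.example> to=<postfix@lug.example> proto=ESMTP helo=<mx.other.example>
Jun 26 09:05:00 mail postfix/smtpd[2113]: connect from mx.other.example[192.0.2.90]
"""

# One smtpd reject: client, SMTP reply code, reason text, envelope addresses.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: \w+ from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?:\d\.\d+\.\d+ )?(?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def classify(reason):
    """Map the reject reason to the kind of restriction that produced it."""
    if "blocked using" in reason:          # reject_rbl_client <list>
        return "rbl:" + reason.rsplit("blocked using ", 1)[1].split(";")[0]
    if "Helo command rejected" in reason:  # smtpd_helo_restrictions
        return "helo"
    if "cannot find your reverse hostname" in reason:
        return "reverse-dns"               # reject_unknown_reverse_client_hostname
    if "Recipient address rejected" in reason:
        return "recipient-access"          # check_recipient_access / recipient checks
    return "other"

def rejected_by_rule(log_text):
    """Return {rule: [(ip, sender, rcpt, is_4xx), ...]} for every smtpd reject."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            report[classify(m["reason"])].append(
                (m["ip"], m["sender"], m["rcpt"], m["code"].startswith("4")))
    return dict(report)

if __name__ == "__main__":
    for rule, hits in sorted(rejected_by_rule(SAMPLE_LOG).items()):
        print(f"{rule}: {len(hits)}")
        for ip, sender, rcpt, temp in hits:
            print(f"  {ip}  {sender} -> {rcpt}" + ("  (4xx, temporary)" if temp else ""))
```

Grouping by rule puts the reverse-DNS and HELO rejects, where the false positives described above come from, in their own short lists to review.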



      


