David, you've sent so many messages and replies that quoting anything
at this point is just wasting bandwidth. I'm going to jump in with a
few notes on what I've read here:
First, you are fixating on the wrong problem. If you have bounces
that are queued up, this is because you are accepting mail that you
cannot deliver. THAT is the problem that needs to be fixed. Bounces
are bad if you are generating them AFTER you have accepted email.
Reject such mails as they are being sent to your server. The postfix
docs are your friend, read up on this.
You implied that you have postmaster/webmaster accounts but that these
are not accepting mail? This is wrong, these addresses should be
reachable for legitimate email. Tackle this issue after you've fixed
the above. At one point you indicated that these are being sent from
users on your domain, more likely these are spoofed addresses, you
need to use some method to authenticate users before they can send,
accept certain IP ranges, local networks, authenticated SMTP users,
etc. Everyone else should be blocked from sending.
You claimed that the bounces are for mails that you never sent, and
were forged. Is your system an open relay? Is it accepting mail from
systems that it shouldn't be? You will want to take a look at who is
using your mail server, and only authorized users/systems are able to
send mail via your mail server.
Tackle these issues, concentrate on one issue at a time. Review the
logs of mail as it arrives at your server, test repeatedly. Out of
the box, postfix is incredibly stable and secure, but with the wrong
settings this can be undone. Finally, if you still need help, run the
command 'postconf -n', and post the output unfiltered to the list.
That will tell what non-standard settings you are using, which will
likely shed clues to why you are having problems.
