Hi List,
Some of our customers use our mailservers as antispam/antivirus gateway.
So our server accepts mail, does some spam and virus checking and
delivers the mail to a remote server. Of course I don't want to accept
mail for non existing users so our mailserver verifies the recipient. So
far so good.
But when a spam run is started and our server receive over 100 messages
per minute the final server wouldn't handle the verifies anymore and is
responding:
[ID 197553 mail.info] NOQUEUE: reject: RCPT from
smtp.zonder.com[64.244.96.100]: 450 4.1.1 <rerer...@example.com>:
Recipient address rejected: unverified address: host
xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] refused to talk to me: 421 too many
connections; from=<> to=<rerer...@example.com> proto=ESMTP
helo=<pluto.vrocorp.com>
Our server response to the spammer is 450. This response seems to
stimulate spammers to do even more tries.
Are there things I could do to stop this problem. Currently I'm blocking
connections for 10 minutes with ipf that gave to many errors. But this
still doesn't stop the spammers.
===
postconf -n:
address_verify_map = btree:${data_directory}/verify
alias_maps = hash:/opt/csw/etc/postfix/aliases
body_checks = regexp:/opt/csw/etc/postfix/maps/body_checks
broken_sasl_auth_clients = yes
command_directory = /opt/csw/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:localhost:10024
daemon_directory = /opt/csw/libexec/postfix
data_directory = /opt/csw/var/lib/postfix
default_database_type = hash
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = regexp:/opt/csw/etc/postfix/maps/header_checks
home_mailbox = Maildir/
html_directory = /opt/csw/share/doc/postfix/html
inet_interfaces = all
mailbox_command = /opt/csw/bin/procmail-wrapper -o -a $DOMAIN -d
$LOGNAME
mailbox_size_limit = 0
mailq_path = /opt/csw/bin/mailq
manpage_directory = /opt/csw/share/man
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 20971520
mime_header_checks = regexp:/opt/csw/etc/postfix/maps/mime_header_checks
minimal_backoff_time = 1000s
mydestination = $myhostname, localhost.$mydomain
myhostname = stevie.youngguns.nl
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /opt/csw/bin/newaliases
readme_directory = /opt/csw/share/doc/postfix/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = slagenlandwonen.nl, wfcommunicatie.nl,
gooischebrink.com, interjute.nl, melamo.nl, fair-play.nl,
loopbaankamer.nl, ospl.nl, ospl.de, printcontrol.nl,
dankers-schilderwerken.nl, promonta.nl, interim-denbosch.nl,
vanherpt.biz
relayhost =
sample_directory = /opt/csw/share/doc/postfix/samples
sendmail_path = /opt/csw/sbin/sendmail
smtp_bind_address = 213.207.90.2
smtp_helo_timeout = 60s
smtp_send_xforward_command = yes
smtp_skip_quit_response = yes
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 10
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_non_fqdn_recipient,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_unauth_destination, reject_unverified_recipient,
reject_non_fqdn_helo_hostname, reject_rbl_client virbl.dnsbl.bit.nl,
check_policy_service inet:127.0.0.1:12525, check_client_access
cidr:/opt/csw/etc/postfix/dnswl_header, check_client_access
cidr:/opt/csw/etc/postfix/dnswl_permit, check_policy_service
inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /home/yghosting/ssl/secure-youngguns-nl.pem
smtpd_tls_key_file = /home/yghosting/ssl/secure-youngguns-nl.key
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/opt/csw/etc/postfix/transport
unknown_address_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/opt/csw/etc/postfix/virtual
