On 09/15/2010 09:36 AM, Christian Rößner wrote:
ad4f0.5040...@roessner-net.com is a message-ID, not an email address.
Here it is used as an email-address
That was the original recipient address that was shown in my daily logs. So I
tested the situation with the same destination from web.de.
Then they send spam to that message-ID thinking it's an email address.
The RHS is correct, so your Postfix server initially accepts it.
And that's the problem. Why?
You're apparently relaying to a content filter before doing recipient
address verification.
As you can see from his postconf -n, he IS doing recipient address
verification
Now you are at the same point like I :-) Why is it not rejecting?
Simple.
You have virtual_mailbox_domains set, but no virtual_mailbox_maps.
smtpd_reject_unlisted_recipients states that it will reject the message IFF:
The recipient domain matches $virtual_mailbox_domains
<postconf.5.html#virtual_mailbox_domains> but the recipient is not
listed in $virtual_mailbox_maps <postconf.5.html#virtual_mailbox_maps>,
*/and $virtual_mailbox_maps <postconf.5.html#virtual_mailbox_maps> is
not null./*
In your case, virtual_mailbox_maps IS NULL, so the message is passed as
accepted to the delivery transport.
You should reject unlisted recipients as soon as possible, to prevent
backscatter bounces.
Use the same map that dovecot has for valid mailboxes as
virtual_mailbox_maps.
--
J.
