Hi, Terry. Again, very helpful advice presented in a way I understand. :) Thank you.

Based on Jeroen's advice, I've modified my main.cf file to restrict much more of the undeliverable mail on the way IN. Just from watching my logfile over the past few minutes, I'm seeing a LOT more rejections for "Domain not found" and "cannot find your reverse hostname" as well as warnings for "address not listed for" and "Helo command rejected: need fully-qualified hostname." That's awesome!

I'm assuming that after watching these warnings for a while and being satisfied that these warnings are appearing only for SPAM that I can turn off the warning and simply reject. What should I use as a good indicator for when it's time to do that?

Like you, I also tend to be more practical than pragmatic, so even if it causes a few sighs and finger wags, I'm open to quietly sinking mail that I can't deliver. Any pointers on exactly how to do that?

Thanks again,

Steve

-----Original Message-----
From: Terry Gilsenan [mailto:[email protected]]
Sent: Tuesday, October 19, 2010 7:27 PM
To: Steve Jenkins; Postfix users
Subject: RE: Fighting Backscatter

From: [email protected] [[email protected]] On Behalf Of Steve Jenkins [[email protected]]
Sent: Wednesday, 20 October 2010 10:52 AM
To: Postfix users
Subject: RE: Fighting Backscatter

>I will gladly solve the RIGHT problem. The fact that I'm here looking for
>guidance should demonstrate that I'm looking to do exactly that.
>Unfortunately, I can't simply put "DO NOT forward SPAM" in my main.cf and
>have it work. ;) After reading through all the docs and various blog and
>forum posts, and making my best efforts at incorporating what I've learned
>into my configuration, it seems I'm still causing backscatter. That's
>exactly why I'm posting on Postfix-users - because I need a little more
>guidance than just "RTFM." :) So if anyone can help me with some SPECIFIC
>steps to take, I'd be very appreciative.

Steve,

Backscatter is caused by a configuration that accepts all email and then bounces email it cannot deliver. This is where your configuration is faulty.

Only accept email that you can deliver!

If you cannot deliver email for any reason you should be determining this within the SMTP transaction phase and responding to the sending MTA with the appropriate rejection code.

Any email that you do actually accept and for which your server tells the sending MTA "OK", you either need to deliver or, if your filters are set up appropriately, quietly sink. (Purists will say this should never happen, but pragmatists realize that some content inspection testing cannot be done until the email has been fully rec'd.)

If you have this sorted out then your backscatter problems will go away.

Rule of thumb: Start with a config that accepts nothing, then add exceptions for things that you want to accept email for, and nothing else.
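
An added example, not part of the thread and not Postfix's own code: a Python tally of the warn-only (`reject_warning`) entries that smtpd logs, grouped by restriction, for reviewing which senders each check would have turned away before the warning is switched to a real reject. The log lines are constructed samples in smtpd's log format, and the function names and the `expected_domains` list are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd log format (not taken from the thread).
SAMPLE_LOG = """\
Oct 19 19:40:01 mx postfix/smtpd[2211]: NOQUEUE: reject_warning: RCPT from unknown[203.0.113.7]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [203.0.113.7]; from=<a@spam.example> to=<steve@example.com> proto=ESMTP helo=<spam.example>
Oct 19 19:40:09 mx postfix/smtpd[2213]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.23]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<x@bulk.example> to=<steve@example.com> proto=SMTP helo=<localhost>
Oct 19 19:41:12 mx postfix/smtpd[2215]: NOQUEUE: reject: RCPT from unknown[192.0.2.55]: 450 4.1.8 <b@invalid.example>: Sender address rejected: Domain not found; from=<b@invalid.example> to=<steve@example.com> proto=ESMTP helo=<mail.invalid.example>
Oct 19 19:42:30 mx postfix/smtpd[2217]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.80]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.80]; from=<news@partner.example> to=<steve@example.com> proto=ESMTP helo=<mail.partner.example>
Oct 19 19:42:31 mx postfix/smtpd[2217]: disconnect from unknown[192.0.2.80]
"""

LINE_RE = re.compile(
    r"NOQUEUE: (reject_warning|reject): RCPT from \S+?\[[^\]]+\]: "
    r"\d{3} (?:\d\.\d+\.\d+ )?(.*?); from=<([^>]*)> to=<"
)
REASON_RE = re.compile(r"(\w+(?: \w+)? rejected): ([^,;]+)")

def summarize(lines):
    """Group smtpd rejections by reason; track warn-only hits and their sender domains."""
    stats = defaultdict(lambda: {"warned": 0, "rejected": 0, "sender_domains": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a RCPT-stage reject or reject_warning entry
        action, text, sender = m.groups()
        r = REASON_RE.search(text)
        reason = f"{r.group(1)}: {r.group(2).strip()}" if r else text
        entry = stats[reason]
        if action == "reject_warning":
            entry["warned"] += 1
            # A null sender (<>) is a bounce; record it as "<>" so it stays visible.
            entry["sender_domains"].add(sender.rpartition("@")[2].lower() or "<>")
        else:
            entry["rejected"] += 1
    return dict(stats)

def false_positive_candidates(stats, expected_domains):
    """Warned sender domains that the operator expects legitimate mail from."""
    expected = {d.lower() for d in expected_domains}
    return {reason: sorted(e["sender_domains"] & expected)
            for reason, e in stats.items() if e["sender_domains"] & expected}

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for reason, e in sorted(summary.items()):
        print(f"{e['warned']:3d} warned {e['rejected']:3d} rejected  {reason}")
    print(false_positive_candidates(summary, ["partner.example"]))
```
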
