I have a small Postfix installation with virtual domains that runs well, however, a user is complaining of being hit with flood of rejects from spam sent out from elsewhere as though from him, the rejects are coming back to him
the user in question has been, by his former request, exempted from some checks: --------------- # cat recipient_no_checks # Let email to the following destinations bypass all the remaining # "reject" and "check" tests. tld.com.au OK --------------- I'll remove him from recipient_no_checks, but, is there some other stuff I should be doing as well ? Greetings to the list and all the best in New Year! ---------------------- mail_version = 2.11.0 # postconf -n address_verify_sender = $double_bounce_sender alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases allow_min_user = no allow_percent_hack = no anvil_rate_time_unit = 1800s biff = no body_checks = pcre:/etc/postfix/body_checks body_checks_size_limit = 150000 bounce_queue_lifetime = 4h broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 delay_warning_time = 0h disable_vrfy_command = yes dovecot_destination_recipient_limit = 1 enable_original_recipient = no header_checks = pcre:/etc/postfix/header_checks home_mailbox = Maildir/ html_directory = no inet_interfaces = all inet_protocols = ipv4 mail_owner = postfix mailbox_command = /usr/libexec/dovecot/deliver mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_backoff_time = 4000s maximal_queue_lifetime = 4h message_size_limit = 20971520 mime_header_checks = pcre:$config_directory/mime_headers.pcre minimal_backoff_time = 300s mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname mydomain = sbt.net.au myhostname = emu.sbt.net.au mynetworks = //removed// 127.0.0.1 myorigin = emu.sbt.net.au newaliases_path = /usr/bin/newaliases.postfix proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions queue_directory = /var/spool/postfix queue_run_delay = 300s readme_directory = /usr/share/doc/postfix-2.11.0/README_FILES recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf recipient_delimiter = + relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf sample_directory = /usr/share/doc/postfix-2.11.0/samples sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp-amavis_destination_recipient_limit = 1 smtp_data_init_timeout = 240s smtp_data_xfer_timeout = 600s smtp_tls_loglevel = 1 smtp_tls_note_starttls_offer = yes smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_session_cache_timeout = 3600s smtpd_client_connection_rate_limit = 50 smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_no_checks, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_helo_access hash:/etc/postfix/helo_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/client_checks, check_client_access pcre:/etc/postfix/client_checks.pcre, reject_rbl_client zen.spamhaus.org, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client psbl.surriel.com, reject_rhsbl_sender dsn.rfc-ignorant.org, check_policy_service inet:127.0.0.1:10031 smtpd_reject_unlisted_recipient = yes smtpd_reject_unlisted_sender = yes smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_path = ./dovecot-auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key smtpd_tls_loglevel = 1 smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 36000s swap_bangpath = no tls_random_source = dev:/dev/urandom transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf unknown_local_recipient_reject_code = 550 virtual_alias_domains = virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf virtual_gid_maps = static:2000 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf virtual_minimum_uid = 2000 virtual_transport = dovecot virtual_uid_maps = static:2000