Hi,

>>Return-Path: <MAILER-DAEMON>
>>
>>to disguise as a bounce and bypass any further checks.
>>
>>So the PCRE header check
>>
>>/^Return-Path: <MAILER-DAEMON>/       REJECT Forged Return-Path
>>
>>does not catch.

>are you sure it's a Return-Path header?
>usually, envelope sender is put to Return-Path, so you may need to block
>envelope sender MAILER-DAEMON.
>You can see Return-Path after delivery to mbox, but it's often not
>generated before that, so at SMTP level it may not exist.

Not sure what puts it there. The logs reveal very little about those
deliveries.

I mainly see a connect and then:

Feb  3 13:34:47 stretch greylisting filter[32274]: Bounce message. SKIP
Feb  3 13:34:48 stretch postfix/qmgr[16941]: B0F0D6A402A6: from=<>, size=925, nrcpt=1 (queue active)
Feb  3 13:34:48 stretch postfix-local[32278]: postfix-local: from=MAILER-DAEMON, to=...

In between, just Plesk stuff about what it cannot do with that mail, like
greylisting, virus scan...

>I catch those by putting reject_non_fqdn_sender into
>smtpd_sender_restrictions:

Mine looks like this:

smtpd_sender_restrictions =
    check_sender_access hash:/var/spool/postfix/plesk/blacklists,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    check_sender_access pcre:/etc/postfix/pcre_sender,
    reject_unknown_sender_domain

Greets,
Ludi
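
Added example, not part of the original message: since the qmgr line above logs these messages with an empty envelope sender (from=<>), one way to see which clients submit them is to join qmgr lines to smtpd "client=" lines by queue ID. The second and third queue IDs, the client names and the addresses are constructed sample data; the function names are hypothetical.

```python
import re

# Constructed sample log, modelled on the qmgr line quoted in the post.
# Clients and addresses use documentation ranges; they are not from the thread.
SAMPLE_LOG = """\
Feb  3 13:34:46 stretch postfix/smtpd[32270]: B0F0D6A402A6: client=unknown[192.0.2.10]
Feb  3 13:34:48 stretch postfix/qmgr[16941]: B0F0D6A402A6: from=<>, size=925, nrcpt=1 (queue active)
Feb  3 13:35:02 stretch postfix/smtpd[32290]: C1A2B3C4D5E6: client=mail.example.org[198.51.100.7]
Feb  3 13:35:03 stretch postfix/qmgr[16941]: C1A2B3C4D5E6: from=<alice@example.org>, size=2048, nrcpt=1 (queue active)
Feb  3 13:36:10 stretch postfix/smtpd[32301]: D7E8F9A0B1C2: client=unknown[192.0.2.10]
Feb  3 13:36:11 stretch postfix/qmgr[16941]: D7E8F9A0B1C2: from=<>, size=910, nrcpt=1 (queue active)
"""

# smtpd logs the connecting client once per queue ID.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=(\S+)")
# qmgr logs the envelope sender; an empty <> is the null (bounce) sender.
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>, size=(\d+)")


def null_sender_messages(log_text):
    """Return (queue_id, client, size) for every message queued with from=<>."""
    clients = {}
    hits = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2)
            continue
        m = QMGR_RE.search(line)
        if m and m.group(2) == "":
            qid = m.group(1)
            # The client line may be missing (rotated log, local submission).
            hits.append((qid, clients.get(qid, "unknown-client"), int(m.group(3))))
    return hits


def count_by_client(hits):
    """Count null-sender messages per submitting client."""
    counts = {}
    for _qid, client, _size in hits:
        counts[client] = counts.get(client, 0) + 1
    return counts


if __name__ == "__main__":
    for client, n in count_by_client(null_sender_messages(SAMPLE_LOG)).items():
        print(f"{n} null-sender message(s) from {client}")
```
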
