Re: Disable NDR

2010-05-24 Thread Brian Evans - Postfix List 
On 5/24/2010 2:10 PM, Linux Addict wrote:
> These are the restrictions. Surely the host which is sending spam is
> part of mynetworks.
>
> smtpd_recipient_restrictions =
[snip]
> reject_rbl_client blackholes.easynet.nl
> ,
> reject_rbl_client cbl.abuseat.org ,
> reject_rbl_client proxies.blackholes.wirehub.net
> ,
> reject_rbl_client bl.spamcop.net ,
> reject_rbl_client sbl.spamhaus.org ,
> reject_rbl_client dnsbl.njabl.org ,
> reject_rbl_client list.dsbl.org ,
> reject_rbl_client multihop.dsbl.org ,
> permit
>

It's great that you've solved your issue.

You may want to note that the dsbl, easynet and wirehub lists are dead
now for a long time. I suggest removal.
If you so desire, it is possible to combine cbl.abuseat.org and
sbl.spamhaus.org by using sbl-xbl.spamhaus.org and get a few more feeds
at the same time.  zen.spamhaus.org may be a consideration too if it
suits your needs.

IMHO, it is good practice for a mail admin to review the blacklists in
use from time to time.

Brian

Re: Disable NDR

2010-05-24 Thread Linux Addict 
On Mon, May 24, 2010 at 2:25 PM, John Adams  wrote:

> On 24.05.2010 20:05, Linux Addict wrote:
>
>> Hello, One of my postfix server is sending thousands of messages to
>> non-existent mail box in another internal server. The internal
>> application sends mail as mailb...@domain.net
>>  thru postfix. The TO addresses are invalid.
>>
>> I need reject  messages from those domains not resolved.
>>
>>
>>
>> to=> >, relay=none,
>>
>> delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or
>> domain name not found. Name service error for name=dsaperftest.edu
>>  type=A: Host not found)
>>
>> thank you
>> LA
>>
>
>
> Well, if its one of your hosts doing the spamming turn of the application
> that is causing it. Or blacklist the sender host's IP address on the first
> receiving smtp server. Or do some sender address verification on your mail
> gateway (or however your email architecture looks like - I have no idea).
>


The postfix MX are behind a load balancer so they dont show the actual IP. I
stopped the postfix, then did postcat on one of the queued  message and
found the spam host. thanks for your help.

Re: Disable NDR

2010-05-24 Thread John Adams 

On 24.05.2010 20:05, Linux Addict wrote:

Hello, One of my postfix server is sending thousands of messages to
non-existent mail box in another internal server. The internal
application sends mail as mailb...@domain.net
 thru postfix. The TO addresses are invalid.
I need reject  messages from those domains not resolved.



to=mailto:dmr0613420524125827...@dsaperftest.edu>>, relay=none,
delay=0.05, delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or
domain name not found. Name service error for name=dsaperftest.edu
 type=A: Host not found)

thank you
LA



Well, if its one of your hosts doing the spamming turn of the 
application that is causing it. Or blacklist the sender host's IP 
address on the first receiving smtp server. Or do some sender address 
verification on your mail gateway (or however your email architecture 
looks like - I have no idea).

Re: Disable NDR

2010-05-24 Thread Linux Addict 
On Mon, May 24, 2010 at 2:05 PM, Linux Addict wrote:

> Hello, One of my postfix server is sending thousands of messages to
> non-existent mail box in another internal server. The internal application
> sends mail as  mailb...@domain.net thru postfix. The TO addresses are
> invalid. I need reject  messages from those domains not resolved.
>
>
>
> to=, relay=none, delay=0.05,
> delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not
> found. Name service error for name=dsaperftest.edu type=A: Host not found)
>
> thank you
> LA
>

These are the restrictions. Surely the host which is sending spam is part of
mynetworks.

smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client proxies.blackholes.wirehub.net,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client multihop.dsbl.org,
permit

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
 reject_non_fqdn_hostname,
 reject_invalid_hostname,
 permit

transport_maps = hash:/etc/postfix/transport
smtpd_recipient_limit = 300
data_directory = /var/lib/postfix
smtpd_tls_wrappermode = no

Disable NDR

2010-05-24 Thread Linux Addict 
Hello, One of my postfix server is sending thousands of messages to
non-existent mail box in another internal server. The internal application
sends mail as  mailb...@domain.net thru postfix. The TO addresses are
invalid. I need reject  messages from those domains not resolved.



to=, relay=none, delay=0.05,
delays=0.01/0/0.04/0, dsn=5.4.4, status=bounced (Host or domain name not
found. Name service error for name=dsaperftest.edu type=A: Host not found)

thank you
LA