Postfix - receiving many "Undelivered Mail Returned to Sender"


After doing some research I managed to stop the spam for now. Here are some notes for other users.

First of all, I had ClamAV + SpamAssassin running and a valid SPF record by the time I posted the problem. Still, it wasn't enough. So I changed/altered the following settings:

postfix - main.cf

added:

smtpd_helo_required = yes

edited: smtpd_helo_restrictions to

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname

edited: smtpd_recipient_restrictions to

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_client_access regexp:/etc/postfix/blacklist_clients, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, permit

This adds some blacklist services and reads another filter file, "/etc/postfix/blacklist_clients".

Content of "/etc/postfix/blacklist_clients"

# IP
/^106\.66\.76\.244$/        REJECT UCE black-listed
/^113\.162\.119\.31$/       REJECT UCE black-listed
/^113\.160\.251\.42$/       REJECT UCE black-listed
/^62\.0\.70\.29$/           REJECT UCE black-listed

(You can add those IPs yourself, as those are nasty spam IPs.)

I found them by doing some log-reading.

Works great for my setup. (Remember, I use catch-all mail.)
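
The log-reading step mentioned above could be scripted along these lines; this is an added example, not part of the original answer. It assumes standard Postfix syslog lines, IPv4 clients, and that a message keeps one queue ID from receipt to bounce (mail re-injected by a content filter shows up as localhost and is skipped); the log lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in standard Postfix syslog format (not from the page).
SAMPLE_LOG = """\
Oct 20 08:19:50 mx postfix/smtpd[2101]: A1B2C3D4E5: client=unknown[192.0.2.15]
Oct 20 08:19:54 mx postfix/smtp[2110]: A1B2C3D4E5: to=<user@example.com>, relay=mx.example.com[203.0.113.9]:25, delay=4, dsn=5.7.1, status=bounced (host said: 550-5.7.1 likely unsolicited mail)
Oct 20 08:20:01 mx postfix/smtpd[2101]: B2C3D4E5F6: client=unknown[192.0.2.15]
Oct 20 08:20:03 mx postfix/smtp[2111]: B2C3D4E5F6: to=<user@example.com>, relay=mx.example.com[203.0.113.9]:25, delay=2, dsn=5.7.1, status=bounced (host said: 550-5.7.1 likely unsolicited mail)
Oct 20 08:21:10 mx postfix/smtpd[2102]: C3D4E5F6A7: client=mail.example.org[198.51.100.7]
Oct 20 08:21:12 mx postfix/smtp[2112]: C3D4E5F6A7: to=<user@example.com>, relay=mx.example.com[203.0.113.9]:25, delay=2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Oct 20 08:22:00 mx postfix/smtpd[2103]: D4E5F6A7B8: client=localhost[127.0.0.1]
Oct 20 08:22:01 mx postfix/smtp[2113]: D4E5F6A7B8: to=<user@example.com>, relay=mx.example.com[203.0.113.9]:25, delay=1, dsn=5.7.1, status=bounced (host said: 550-5.7.1 likely unsolicited mail)
"""

# smtpd logs which client submitted a queue ID; smtp logs the delivery outcome.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9.]+)\]")
BOUNCE_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*status=bounced")


def bounced_clients(log_text, skip=("127.0.0.1",)):
    """Count bounced deliveries per submitting client IP (IPv4 only)."""
    client_of = {}  # queue ID -> client IP that submitted the message
    hits = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_of[m.group(1)] = m.group(2)
            continue
        m = BOUNCE_RE.search(line)
        if m and client_of.get(m.group(1)) not in (None, *skip):
            hits[client_of[m.group(1)]] += 1
    return hits


def blacklist_lines(hits, threshold=2):
    """Render regexp-table entries for IPs at or above the threshold."""
    return [
        "/^%s$/ REJECT UCE black-listed" % re.escape(ip)
        for ip, n in sorted(hits.items()) if n >= threshold
    ]


if __name__ == "__main__":
    print("\n".join(blacklist_lines(bounced_clients(SAMPLE_LOG))))
```

Review the candidates before adding them to the table, since a legitimate relay can also produce occasional bounces.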

Author: Daniel

Updated on September 18, 2022

Comments

  • Daniel
    Daniel almost 2 years

    I once set up my server using this guide (or a very similar one)

    But from time to time I have days or weeks of flooding "Undelivered Mail Returned to Sender" to my inbox. Oh and I am using catch-all mail forward on my domains.

    This is an example from the mail:

    Reporting-MTA: dns; blah.blah.myserverhost.net
    X-Postfix-Queue-ID: 6278A33009D8
    X-Postfix-Sender: rfc822; [email protected]
    Arrival-Date: Mon, 20 Oct 2014 08:19:54 +0200 (CEST)
    
    Final-Recipient: rfc822; [email protected]
    Original-Recipient: rfc822;[email protected]
    Action: failed
    Status: 5.7.1
    Remote-MTA: dns; gmail-smtp-in.l.google.com
    Diagnostic-Code: smtp; 550-5.7.1 [2001:4ba0:fff8:c2::2      12] Our system has
    detected that this 550-5.7.1 message is likely unsolicited mail. To reduce
    the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked.
    Please visit 550-5.7.1
    http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550
    5.7.1 more information. rq6si12888645lbb.21 - gsmtp
    

    I have masked the real hostnames. So they are mails sent from my domain to my domain with random prefixes, like from "[email protected]" to "[email protected]"

    With my catch-all I receive all those failure notices, as it's detected as spam.

    How can I stop getting these emails?