Postfix Double Bounce Handling


Vinícius Ferrão
Hello,
 
I'm running a postfix mail filtering gateway in a hardened gentoo box and I really don't know what to do with double-bounced messages.
 
Since we have a lot of spam bots attacking our infrastructure, the double bounce messages cannot be ignored and the mail queue is growing with undeliverable double bounce messages.
 
Any thoughts on what should be done to handle this?

 
Thanks in advance,
Vinícius Ferrão



Re: Postfix Double Bounce Handling

Michael Orlitzky-2
On 05/14/12 12:38, Vinícius Ferrão wrote:

> Hello,
>  
> I'm running a postfix mail filtering gateway in a hardened gentoo box
> and I really don't know what to do with double-bounced messages.
>  
> Since we have a lot of spam bots attacking our infrastructure, the
> double bounce messages cannot be ignored and the mail queue is growing
> with undeliverable double bounce messages.
>  
> Any thoughts on what should be done to handle this?
>

If you are accepting mail for addresses that don't belong to you, stop!
That makes you a backscatter source, and will eventually (rightly) get
you blacklisted.

You said it's a mail filtering gateway... Usually the reason people
backscatter on a gateway is because "it's hard" to get a list of all
valid recipients; usually those recipients are on some other mail
server. There are ways to do it, though, and you must, e.g.

  a) Run a cron job that pulls valid accounts every hour.

  b) Store the email accounts in a database, and allow the gateway to
     query the database to determine which users are valid.

  c) Use recipient verification[1]. When receiving mail, your gateway
     can open a connection to the real mail server in the background,
     and see if the recipient is valid.


We use a combination of all three. We use (a) for an old Windows box,
(b) for users stored in Dovecot, and (c) for customers with their own
Exchange servers.

If you ask over on postfix-users and provide the output of `postconf
-n`, there are plenty of people who are able to give you tips relevant
to your specific configuration.


[1] http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
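
Option (a) above, sketched as an added example that is not part of the original post: a script a cron job could run to turn an account export into a Postfix relay recipient table. The domain, the file path and the function names are assumptions; `relay_domains`, `relay_recipient_maps` and `postmap` are standard Postfix.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed main.cf on the gateway:
#   relay_domains = example.com
#   relay_recipient_maps = hash:/etc/postfix/relay_recipients
# With that table in place, Postfix rejects unknown recipients during the
# SMTP session instead of accepting the mail and bouncing it later.

# build_table DOMAIN MIN_COUNT < accounts.txt
# Reads one address per line, keeps well-formed addresses in DOMAIN,
# lowercases and de-duplicates them, and prints "address OK" lines.
# Returns non-zero and prints no table if fewer than MIN_COUNT addresses
# survive, so a failed export cannot replace a good table with an empty one.
build_table() {
    domain=$1
    min=$2
    # Escape dots so the domain is matched literally by grep -E.
    re=$(printf '%s' "$domain" | sed 's/\./\\./g')
    table=$(tr 'A-Z' 'a-z' | tr -d '\r' |
        grep -E "^[a-z0-9._+-]+@${re}\$" | sort -u | sed 's/$/ OK/')
    count=$(printf '%s\n' "$table" | awk '/ OK$/ { n++ } END { print n + 0 }')
    if [ "$count" -lt "$min" ]; then
        echo "refusing: only $count valid recipients (minimum $min)" >&2
        return 1
    fi
    printf '%s\n' "$table"
}

# install_table FILE < table
# Writes the table next to FILE, moves it into place, rebuilds the lookup db.
install_table() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    cat > "$tmp" && mv "$tmp" "$1" && postmap "hash:$1"
}

# Constructed sample export: mixed case, a duplicate, a foreign domain, junk.
sample_accounts() {
    printf '%s\n' 'Alice@Example.com' 'bob@example.com' 'alice@example.com' \
        'mallory@elsewhere.test' 'not an address'
}

# Demo on the constructed sample; prints the two-line table.
sample_accounts | build_table example.com 2

# Hourly cron use (assumed export file and table path):
#   build_table example.com 10 < /var/tmp/accounts.txt \
#       | install_table /etc/postfix/relay_recipients
```

The minimum count is the guard that matters in production: an export that silently comes back empty would otherwise make the gateway reject every recipient.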



Re: Postfix Double Bounce Handling

Vinícius Ferrão
Thanks for your quick response Michael,

But I don't understand what can make my server a backscatter source.

I'm not relaying from outside, and I only accept messages from my domain, and only from my aging sendmail+dovecot server, so no relaying from outside.

What I don't have is what you said: check for local recipients. But this is a problem?

Thanks in advance,

On May 14, 2012, at 2:22 PM, Michael Orlitzky wrote:

> On 05/14/12 12:38, Vinícius Ferrão wrote:
>> Hello,
>>
>> I'm running a postfix mail filtering gateway in a hardened gentoo box
>> and I really don't know what to do with double-bounced messages.
>>
>> Since we have a lot of spam bots attacking our infrastructure, the
>> double bounce messages cannot be ignored and the mail queue is growing
>> with undeliverable double bounce messages.
>>
>> Any thoughts on what should be done to handle this?
>>
>
> If you are accepting mail for addresses that don't belong to you, stop!
> That makes you a backscatter source, and will eventually (rightly) get
> you blacklisted.
>
> You said it's a mail filtering gateway... Usually the reason people
> backscatter on a gateway is because "it's hard" to get a list of all
> valid recipients; usually those recipients are on some other mail
> server. There are ways to do it, though, and you must, e.g.
>
>  a) Run a cron job that pulls valid accounts every hour.
>
>  b) Store the email accounts in a database, and allow the gateway to
>     query the database to determine which users are valid.
>
>  c) Use recipient verification[1]. When receiving mail, your gateway
>     can open a connection to the real mail server in the background,
>     and see if the recipient is valid.
>
>
> We use a combination of all three. We use (a) for an old Windows box,
> (b) for users stored in Dovecot, and (c) for customers with their own
> Exchange servers.
>
> If you ask over on postfix-users and provide the output of `postconf
> -n`, there are plenty of people who are able to give you tips relevant
> to your specific configuration.
>
>
> [1] http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
>
>



Re: Postfix Double Bounce Handling

Michael Orlitzky-2
On 05/14/12 14:48, Vinícius Ferrão wrote:
> Thanks for your quick response Michael,
>
> But I don't understand what can make my server a backscatter source.
>
> I'm not relaying from outside, and I only accept messages from my
> domain, and only from my aging sendmail+dovecot server, so no
> relaying from outside.
>

In that case, how are spam bots a problem?

Can you post an example of a bounce, and the logs where it entered your
mail system?



Re: Postfix Double Bounce Handling

tanstaafl-2
On 2012-05-14 2:48 PM, Vinícius Ferrão <[hidden email]> wrote:
> But I don't understand what can make my server a backscatter source.
>
> I'm not relaying from outside, and I only accept messages from my
> domain,

*From* your domain? Or destined *for* your domain?

> and only from my aging sendmail+dovecot server, so no relaying from
> outside.

Well, since you haven't proven any of your assertions, we have no way of
knowing.

You should be asking this on the postfix list, but we can probably help
you here too, if you are willing to listen...

First, we'll need full output of postconf -n...

> What I don't have is what you said: check for local recipients. But
> this is a problem?

If you accept messages to *any* address (including invalid recipients),
then that is what is causing the bounce messages.

If you only accept messages for valid recipients, the bounces stop.
Simple, no?