LinuxQuestions.org


glyn3332 05-07-2009 12:26 PM

Postfix Backscatter Problem
 
Hi All,

I have a server running postfix and I keep getting blacklisted for backscattering. I want to just out and out reject unknown recipients but I've been trying all day to do it and the only time I succeeded was when it rejected all recipients.

Here's the configs:

Main


queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

mydestination = $myhostname, localhost.$mydomain, localhost

content_filter=smtp-amavis:[127.0.0.1]:10024

unknown_local_recipient_reject_code = 550

mynetworks_style = host

alias_maps = hash:/etc/postfix/aliases

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

manpage_directory = /usr/share/man

alias_database = hash:/etc/postfix/aliases

virtual_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
virtual_mailbox_domains = $transport_maps
local_destination_concurrency_limit=1
maildrop_destination_concurrency_limit=1
maildrop_destination_recipient_limit=1
relay_domains=$mydestination
smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous

sender_bcc_maps = hash:/etc/postfix/bcc_maps
recipient_bcc_maps = hash:/etc/postfix/bcc_maps


Master

# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
  -o content_filter=spamchk:dummy
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
# spamchk is new mail transport (mail filter)
spamchk unix - n n - 10 pipe
  flags=Rq user=spamd argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient}

maildrop unix - n n - - pipe
  flags=DRhu user=daemon:mail argv=/usr/bin/maildrop -d ${recipient}

uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

smtp-amavis unix - - n - 2 lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000


Any help you can give is a great help :)

Thanks

Glyn

farslayer 05-07-2009 02:28 PM

When you post your configuration for assistance with postfix, it's best to post the output of the command postconf -n. That will show us ONLY the changes you have made from default settings, making it easier to spot what might be wrong. Also, if you followed a specific how-to to configure the system, referencing a link to that can be helpful as well. Just FYI for the future.

You want to read this.. http://www.postfix.org/SMTPD_ACCESS_README.html

Your current restrictions.. not much..
Code:

smtpd_recipient_restrictions=
                  permit_mynetworks,
                  permit_sasl_authenticated, 
                  reject_unauth_destination


Some suggested restrictions..
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
Code:

For 2.x versions of Postfix:

    /etc/postfix/main.cf:

        smtpd_helo_required = yes
        disable_vrfy_command = yes

        smtpd_recipient_restrictions =
            reject_invalid_hostname,
            reject_non_fqdn_hostname,
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            permit_mynetworks,
            reject_unauth_destination,
            check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
            check_helo_access dbm:/etc/postfix/helo_checks,
            check_sender_access dbm:/etc/postfix/sender_checks,
            check_client_access dbm:/etc/postfix/client_checks,
            check_client_access pcre:/etc/postfix/client_checks.pcre,

            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client sbl.spamhaus.org,
            reject_rbl_client pbl.spamhaus.org
            permit

        smtpd_data_restrictions =
            reject_unauth_pipelining,
            permit

You will need to read up on the additional restrictions, especially the ones I turned gray.
The gray entries refer to additional configuration files you need to create if you decide to use those options.
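
Added example (not part of either post): a check over `postconf -n`-style output, the format farslayer asks for, that lists the address classes for which Postfix has domains configured but no recipient table, so unknown recipients cannot be rejected at SMTP time and are bounced later. The sample input is constructed from the settings in the question; the class-to-table rules follow Postfix's documented recipient validation, and the defaults used for parameters missing from the input are assumptions to confirm with `postconf -d`.

```python
# Added example: which Postfix address classes accept recipients they cannot verify?
# Rule (Postfix recipient validation): a class with domains but an empty
# recipient table accepts every address in those domains at SMTP time.

# Constructed sample in `postconf -n` format, based on the question's main.cf.
SAMPLE = """\
mydestination = $myhostname, localhost.$mydomain, localhost
relay_domains = $mydestination
transport_maps = hash:/etc/postfix/transport
virtual_mailbox_domains = $transport_maps
"""

# address class -> (domain list parameter, recipient table parameter)
CLASSES = {
    "local": ("mydestination", "local_recipient_maps"),
    "virtual mailbox": ("virtual_mailbox_domains", "virtual_mailbox_maps"),
    "relay": ("relay_domains", "relay_recipient_maps"),
}
# Assumed defaults for parameters absent from the input (confirm with `postconf -d`).
DEFAULTS = {
    "mydestination": "$myhostname, localhost.$mydomain, localhost",
    "local_recipient_maps": "proxy:unix:passwd.byname $alias_maps",
}

def parse_postconf(text):
    """Parse `name = value` lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] = (params[last] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def unvalidated_classes(params):
    """Return (class, domains_param, table_param) for classes with no recipient table.
    Values are not $-expanded: any non-empty value counts as 'set'."""
    def get(key):
        return params.get(key, DEFAULTS.get(key, ""))
    return [(cls, dom, table) for cls, (dom, table) in CLASSES.items()
            if get(dom) and not get(table)]

if __name__ == "__main__":
    for cls, dom, table in unvalidated_classes(parse_postconf(SAMPLE)):
        print(f"{cls}: {dom} is set but {table} is empty")
```

To run it against a live system, pass the text of `postconf -n` to `parse_postconf` in place of `SAMPLE`.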

