08-05-2010, 07:01 PM
|
#1
|
LQ Newbie
Registered: Nov 2009
Distribution: CentOS
Posts: 18
Rep:
|
Preventing Backscatter with Postfix
I have Googled and searched dozens of forums and mailing list archives for a couple days now, and I haven't found a straightforward answer to what is REALLY required in a Postfix main.cf file to stop backscatter.
A couple of our servers are still being flagged as sending backscatter. Is it possible to send a bounce message these days without it being considered backscatter?
I keep adding suggested "fixes" to my main.cf file, but Backscatterer.org still says we're doing it.
Here's my postconf -n output:
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
local_recipient_maps = unix:passwd.byname $alias_maps
mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain, $mydomain
mynetworks = 127.0.0.0/8
myorigin = xxxxxxxxx.com
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    permit
smtpd_reject_unlisted_recipient = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Am I missing something and/or have stuff in there I don't need? I'm at my wits' end!
EDIT: Backscatterer.org gave me a timestamp for the last time my server reportedly offended, and this is the matching entry in my maillog:
Code:
Aug 4 12:06:35 zork postfix/smtp[1966]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=mail.acanthuscaput.com[69.30.193.210]:25, delay=17478, delays=17299/0.01/23/156, dsn=5.0.0, status=bounced (host mail.acanthuscaput.com[69.30.193.210] said: 554 We don't take bounces from systems listed at BACKSCATTERER.ORG (in reply to DATA command))
A grep of the maillog for any line that includes that email address showed:
Code:
Aug 4 07:15:17 zork dkimproxy.in[24014]: DKIM verify - none; message-id=<e53801cb33de$1b1a2359$bc68ffa7@acanthuscaput.com>, from=<tod7shigeo@acanthuscaput.com>
Aug 4 07:15:18 zork postfix/qmgr[21673]: E7C3E107E57: from=<tod7shigeo@acanthuscaput.com>, size=3546, nrcpt=1 (queue active)
Aug 4 07:15:48 zork postfix/smtp[17610]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=30, delays=0/0/30/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug 4 07:37:33 zork postfix/smtp[18959]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=1335, delays=1299/0.01/36/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug 4 08:10:48 zork postfix/smtp[20889]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=3330, delays=3299/0.02/31/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug 4 09:17:33 zork postfix/smtp[24742]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=7336, delays=7300/0.03/36/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug 4 10:40:57 zork postfix/smtp[29543]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=none, delay=12340, delays=12299/0.03/41/0, dsn=4.4.1, status=deferred (connect to mail.acanthuscaput.com[69.30.193.210]: Connection timed out)
Aug 4 12:06:35 zork postfix/smtp[1966]: 4EE011080EA: to=<tod7shigeo@acanthuscaput.com>, relay=mail.acanthuscaput.com[69.30.193.210]:25, delay=17478, delays=17299/0.01/23/156, dsn=5.0.0, status=bounced (host mail.acanthuscaput.com[69.30.193.210] said: 554 We don't take bounces from systems listed at BACKSCATTERER.ORG (in reply to DATA command))
Last edited by SteveJenkins; 08-05-2010 at 07:16 PM.
|
|
|
08-06-2010, 06:21 PM
|
#2
|
LQ Newbie
Registered: Nov 2009
Distribution: CentOS
Posts: 18
Original Poster
Rep:
|
80+ views and no ideas?  I'm running Postfix 2.3.3, btw.
I've read all the FAQs on the Postfix site (but most seem a little outdated).
Any nudges in the right direction would be appreciated.
|
|
|
08-06-2010, 09:36 PM
|
#3
|
Member
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444
Rep:
|
Quote:
Is it possible to send a bounce message these days without it being considered backscatter?
|
Are you accepting the messages and then bouncing them?
Are you rejecting the messages without accepting them?
Quote:
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    permit
smtpd_reject_unlisted_recipient = yes
|
Why do you need these settings?
Last edited by jamrock; 08-06-2010 at 10:49 PM.
|
|
|
08-29-2010, 06:29 PM
|
#4
|
LQ Newbie
Registered: Nov 2009
Distribution: CentOS
Posts: 18
Original Poster
Rep:
|
Quote:
Originally Posted by jamrock
Are you accepting the messages and then bouncing them? Are you rejecting the messages without accepting them?
|
Frankly, I have no idea.  That's why I pasted in those lines from the mail log. What SHOULD it be doing to properly prevent backscatter?
Quote:
Originally Posted by jamrock
Why do you need these settings?
|
I saw them in a post that suggested they be there to help stop backscatter ( http://www.linuxquestions.org/questi...roblem-724444/). But it seems there's a whole lot of voodoo when it comes to this subject, and very few people are able to give some definitive answers. I'm really hoping for some shoves in the right direction. 
Last edited by SteveJenkins; 08-29-2010 at 06:36 PM.
|
|
|
08-29-2010, 09:41 PM
|
#5
|
Member
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444
Rep:
|
I am not an expert on this. However, I will tell you what I understand.
Mail servers receive a lot of spam. Spammers often use forged addresses when they send email.
You can either:
- reject these messages
- accept them, then bounce them.
If you reject them, they will not end up in your mail queue.
If you accept them then bounce them, you create backscatter. This happens because you are trying to bounce mail to addresses that do not exist.
http://www.postfix.org/BACKSCATTER_README.html
From what I understand, Postfix rejects unknown recipients by default.
http://www.postfix.org/LOCAL_RECIPIENT_README.html
I would start by finding out why this is not happening on your server.
Can you set up a test server? I would start by commenting out the following and testing the results:
Quote:
local_recipient_maps = unix:passwd.byname $alias_maps
|
The comments in the main.cf suggest that the default value is sufficient.
Quote:
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_unauth_destination,
    permit
smtpd_reject_unlisted_recipient = yes
|
I hope this helps.
You may also find this document useful
http://www.postfix.org/BASIC_CONFIGURATION_README.html
Last edited by jamrock; 08-29-2010 at 10:07 PM.
|
|
|
08-29-2010, 11:19 PM
|
#6
|
LQ Newbie
Registered: Nov 2009
Distribution: CentOS
Posts: 18
Original Poster
Rep:
|
I appreciate the reply Jamrock (especially since nobody else has!) but I was hoping for a bit more guidance than "RTFM."  I have read all those things, and the myriad posts by others having these same problems, and there seem to be very few experts who can speak with any authority as to why it's happening. From what I can see on the tests we're running, we're rejecting the mail instead of bouncing it. But we're STILL ending up in backscatter reports.
|
|
|
08-30-2010, 05:50 AM
|
#7
|
Member
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444
Rep:
|
Quote:
Originally Posted by SteveJenkins
and there seem to be very few experts who can speak with any authority as to why it's happening.
|
I suspect that is so because it is not the norm. Postfix rejects unknown recipients by default. If you make only the changes in the basic configuration document it doesn't happen.
Quote:
Originally Posted by SteveJenkins
From what I can see on the tests we're running, we're rejecting the mail instead of bouncing it. But we're STILL ending up in backscatter reports.
|
Can you post the logs showing the mail being rejected?
|
|
|
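One way to tell from a Postfix maillog whether mail was rejected during the SMTP session or accepted and bounced afterwards, as an added example that is not part of the thread. The log lines are constructed (example.com/example.net addresses, made-up queue IDs), and `analyse` and `local_domains` are names chosen here. A bounce's qmgr line carries `from=<>` and no address, so a grep for the recipient address alone does not show it.

```python
import re
from collections import defaultdict

# Constructed sample maillog: one SMTP-time reject, and one message that was
# accepted, failed local delivery, and produced an outbound bounce (NDN).
SAMPLE_LOG = """\
Aug  4 07:15:10 mx postfix/smtpd[100]: NOQUEUE: reject: RCPT from unknown[192.0.2.9]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in local recipient table; from=<forged@example.net> to=<nobody@example.com> proto=ESMTP helo=<spam.example.net>
Aug  4 07:15:18 mx postfix/qmgr[200]: AAAA000001: from=<forged@example.net>, size=3546, nrcpt=1 (queue active)
Aug  4 07:15:18 mx postfix/local[300]: AAAA000001: to=<gone@example.com>, relay=local, delay=0.2, dsn=5.1.1, status=bounced (unknown user: "gone")
Aug  4 07:15:18 mx postfix/bounce[400]: AAAA000001: sender non-delivery notification: BBBB000002
Aug  4 07:15:18 mx postfix/qmgr[200]: BBBB000002: from=<>, size=5400, nrcpt=1 (queue active)
Aug  4 07:15:48 mx postfix/smtp[500]: BBBB000002: to=<forged@example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mail.example.net[198.51.100.7]: Connection timed out)
"""

QID = r"(?P<qid>[0-9A-F]{6,})"
RE_REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: .*? to=<(?P<rcpt>[^>]*)>")
RE_FROM = re.compile(r"postfix/qmgr\[\d+\]: " + QID + r": from=<(?P<sender>[^>]*)>")
RE_NDN = re.compile(r"postfix/bounce\[\d+\]: " + QID
                    + r": sender non-delivery notification: (?P<ndn>[0-9A-F]{6,})")
RE_DELIV = re.compile(r"postfix/(?:smtp|lmtp)\[\d+\]: " + QID
                      + r": to=<(?P<rcpt>[^>]*)>.*?status=(?P<status>\w+)")

def analyse(log, local_domains):
    """Separate SMTP-time rejects from bounces this host sends to remote domains."""
    rejected, sender, parent, attempts = [], {}, {}, defaultdict(list)
    for line in log.splitlines():
        if m := RE_REJECT.search(line):
            rejected.append(m["rcpt"])            # never queued: no bounce generated
        elif m := RE_FROM.search(line):
            sender[m["qid"]] = m["sender"]        # "" means null sender (a DSN)
        elif m := RE_NDN.search(line):
            parent[m["ndn"]] = m["qid"]           # bounce queue ID -> original queue ID
        elif m := RE_DELIV.search(line):
            domain = m["rcpt"].rpartition("@")[2].lower()
            # Null envelope sender going to a non-local domain: a bounce leaving this host.
            if sender.get(m["qid"]) == "" and domain not in local_domains:
                attempts[m["qid"]].append((m["rcpt"], m["status"]))
    bounces = {q: {"caused_by": parent.get(q),
                   "original_sender": sender.get(parent.get(q)),
                   "attempts": a} for q, a in attempts.items()}
    return {"rejected_at_smtp": rejected, "outbound_bounces": bounces}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG, {"example.com"}))
```

Every queue ID under `outbound_bounces` is a message that was accepted first and bounced later; `caused_by` points at the accepted message whose smtpd and delivery lines show why it was not rejected up front.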
All times are GMT -5. The time now is 10:05 AM.