Thank you for your reply and information
I still am learning postfix and appreciate any information I can use to protect my users.
from your last post "NO message is sent when your server REJECTS a message (unless you've configured it to do so)" how do I make sure it is NOT configured to send REJECT messages? Evidently my current configuration allows these to be sent.
Postconf:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = no
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp:[127.0.0.1]:2526
delay_warning_time = 1h
disable_vrfy_command = yes
error_notice_recipient =
policy.admin@example.com
helpful_warnings = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
#regularly send manuals to off site contracters
message_size_limit = 30280000
mydestination = domain, mail.domain, localhost, domain2.net
myhostname = mail.domain.net
# All except 1 users are limited to one location, my 1 off site user is
confined to webmail to send mail
mynetworks = 127.0.0.0/8 xxx.xxx.xxx.xxx
myorigin = /etc/mailname
#Policy is temp for design assessment
notify_classes = resource, software, delay, bounce, policy
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions =
permit_mynetworks,
reject_unauth_destination,
check_client_access
hash:/etc/postfix/client_restrictions
check_recipient_access
hash:/etc/postfix/postmaster,
reject_invalid_hostname,
permit
smtpd_data_restrictions =
reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_unauth_destination,
check_helo_access static:warn
check_helo_access
hash:/etc/postfix/helo_client_exceptions,
check_helo_access
hash:/etc/postfix/helo_restricted,
reject_non_fqdn_hostname,
warn_if_reject,
reject_invalid_helo_hostname,
permit
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unlisted_recipient,
permit_mynetworks,
reject_unauth_destination,
check_recipient_access
hash:/etc/postfix/postmaster,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client korea.blackholes.us,
reject_rbl_client korea.blackholes.us,
reject_rbl_client russia.blackholes.us,
reject_rbl_client china.blackholes.us,
reject_rbl_client taiwan.blackholes.us,
reject_rbl_client japan.blackholes.us,
reject_rbl_client nigeria.blackholes.us,
reject_rbl_client argentina.blackholes.us,
reject_rbl_client brazil.blackholes.us,
reject_rbl_client thailand.blackholes.us,
permit
smtpd_sender_restrictions =
permit_mynetworks,
reject_unauth_destination,
check_sender_access
hash:/etc/postfix/sender_access_list,
check_sender_access
hash:/etc/postfix/sender_bans,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit