There's countless bounces sent out every day by postfix in reply to spam sent to unknown users. How can we flat out reject said emails instead of sending a bounce to a (most likely) spammer?
I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.
And why isn't this a default setting?
How to reject mail to unknown user instead of sending a bounce?
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: How to reject mail to unknown user instead of sending a bounce?
You can populate the recipient_access table
http://www.postfix.org/STANDARD_CONFIGU ... EADME.html
or try this if creating the table is not practical:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
http://www.postfix.org/VIRTUAL_README.html
http://www.postfix.org/STANDARD_CONFIGU ... EADME.html
or try this if creating the table is not practical:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
This alone won't do anything, it has to be used in combination with virtual_alias_maps when using virtual domains. Using virtual domain hosting makes sense when you have other domains you are trying to host and need to make a distinction between your canonical hosts and other domains, and you are treating postfix as the final destination.I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.
http://www.postfix.org/VIRTUAL_README.html
Re: How to reject mail to unknown user instead of sending a bounce?
Hm.. I see. It doesn't sound exactly ideal - how do you have it personally configured?
In the meantime I've configured "maximal_queue_lifetime = 1d" so at least the outgoing queue won't get filled up over 5 days with messages that will never make it out
In the meantime I've configured "maximal_queue_lifetime = 1d" so at least the outgoing queue won't get filled up over 5 days with messages that will never make it out
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: How to reject mail to unknown user instead of sending a bounce?
I use reject_unverified_recipient and set up my mail server to reject emails to unknown users. Incredibly simple and effective. The eFa probes the mail server, the mail server rejects, which causes eFa to reject instead of accepting and attempting to deliver the email.
Re: How to reject mail to unknown user instead of sending a bounce?
Gotcha! I added reject_unverified_recipient and set up relay to exchange:2525 because exchange 2013 doesn't check rcpt:to on port 25
Just to make sure, what's the expected behavior? The sender doesn't get any bounce backs if the user doesn't exist, correct? I see "NOQUEUE: reject" in maillog, but gmail for example doesn't get any self generated bounce backs or anything
Edit: So the sending mail server does generate a bounce back, but by default EFA responds with error 450 which tells the sender to retry. Changing it to 550 through unverified_recipient_reject_code gives an almost instant sender self generated rejection. I feel like this should be included in EFA by default because it would only work if your mail server is configured to rejected unknown users anyway
Just to make sure, what's the expected behavior? The sender doesn't get any bounce backs if the user doesn't exist, correct? I see "NOQUEUE: reject" in maillog, but gmail for example doesn't get any self generated bounce backs or anything
Edit: So the sending mail server does generate a bounce back, but by default EFA responds with error 450 which tells the sender to retry. Changing it to 550 through unverified_recipient_reject_code gives an almost instant sender self generated rejection. I feel like this should be included in EFA by default because it would only work if your mail server is configured to rejected unknown users anyway