How to reject mail to unknown user instead of sending a bounce?

General eFa discussion
Post Reply
iglooo
Posts: 25
Joined: 25 Jan 2019 19:52

How to reject mail to unknown user instead of sending a bounce?

Post by iglooo » 14 Feb 2019 19:32

There's countless bounces sent out every day by postfix in reply to spam sent to unknown users. How can we flat out reject said emails instead of sending a bounce to a (most likely) spammer?

I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.

And why isn't this a default setting?

User avatar
shawniverson
Posts: 2754
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: How to reject mail to unknown user instead of sending a bounce?

Post by shawniverson » 16 Feb 2019 12:53

You can populate the recipient_access table

http://www.postfix.org/STANDARD_CONFIGU ... EADME.html

or try this if creating the table is not practical:

http://www.postfix.org/ADDRESS_VERIFICATION_README.html
I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.
This alone won't do anything, it has to be used in combination with virtual_alias_maps when using virtual domains. Using virtual domain hosting makes sense when you have other domains you are trying to host and need to make a distinction between your canonical hosts and other domains, and you are treating postfix as the final destination.

http://www.postfix.org/VIRTUAL_README.html
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

iglooo
Posts: 25
Joined: 25 Jan 2019 19:52

Re: How to reject mail to unknown user instead of sending a bounce?

Post by iglooo » 19 Feb 2019 17:52

Hm.. I see. It doesn't sound exactly ideal - how do you have it personally configured?

In the meantime I've configured "maximal_queue_lifetime = 1d" so at least the outgoing queue won't get filled up over 5 days with messages that will never make it out

User avatar
shawniverson
Posts: 2754
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: How to reject mail to unknown user instead of sending a bounce?

Post by shawniverson » 19 Feb 2019 21:30

I use reject_unverified_recipient and set up my mail server to reject emails to unknown users. Incredibly simple and effective. The eFa probes the mail server, the mail server rejects, which causes eFa to reject instead of accepting and attempting to deliver the email.
Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

iglooo
Posts: 25
Joined: 25 Jan 2019 19:52

Re: How to reject mail to unknown user instead of sending a bounce?

Post by iglooo » 20 Feb 2019 16:38

Gotcha! I added reject_unverified_recipient and set up relay to exchange:2525 because exchange 2013 doesn't check rcpt:to on port 25

Just to make sure, what's the expected behavior? The sender doesn't get any bounce backs if the user doesn't exist, correct? I see "NOQUEUE: reject" in maillog, but gmail for example doesn't get any self generated bounce backs or anything

Edit: So the sending mail server does generate a bounce back, but by default EFA responds with error 450 which tells the sender to retry. Changing it to 550 through unverified_recipient_reject_code gives an almost instant sender self generated rejection. I feel like this should be included in EFA by default because it would only work if your mail server is configured to rejected unknown users anyway

Post Reply