Page 1 of 1

How to reject mail to unknown user instead of sending a bounce?

Posted: 14 Feb 2019 19:32
by iglooo
There's countless bounces sent out every day by postfix in reply to spam sent to unknown users. How can we flat out reject said emails instead of sending a bounce to a (most likely) spammer?

I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.

And why isn't this a default setting?

Re: How to reject mail to unknown user instead of sending a bounce?

Posted: 16 Feb 2019 12:53
by shawniverson
You can populate the recipient_access table

http://www.postfix.org/STANDARD_CONFIGU ... EADME.html

or try this if creating the table is not practical:

http://www.postfix.org/ADDRESS_VERIFICATION_README.html
I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.
This alone won't do anything, it has to be used in combination with virtual_alias_maps when using virtual domains. Using virtual domain hosting makes sense when you have other domains you are trying to host and need to make a distinction between your canonical hosts and other domains, and you are treating postfix as the final destination.

http://www.postfix.org/VIRTUAL_README.html

Re: How to reject mail to unknown user instead of sending a bounce?

Posted: 19 Feb 2019 17:52
by iglooo
Hm.. I see. It doesn't sound exactly ideal - how do you have it personally configured?

In the meantime I've configured "maximal_queue_lifetime = 1d" so at least the outgoing queue won't get filled up over 5 days with messages that will never make it out

Re: How to reject mail to unknown user instead of sending a bounce?

Posted: 19 Feb 2019 21:30
by shawniverson
I use reject_unverified_recipient and set up my mail server to reject emails to unknown users. Incredibly simple and effective. The eFa probes the mail server, the mail server rejects, which causes eFa to reject instead of accepting and attempting to deliver the email.

Re: How to reject mail to unknown user instead of sending a bounce?

Posted: 20 Feb 2019 16:38
by iglooo
Gotcha! I added reject_unverified_recipient and set up relay to exchange:2525 because exchange 2013 doesn't check rcpt:to on port 25

Just to make sure, what's the expected behavior? The sender doesn't get any bounce backs if the user doesn't exist, correct? I see "NOQUEUE: reject" in maillog, but gmail for example doesn't get any self generated bounce backs or anything

Edit: So the sending mail server does generate a bounce back, but by default EFA responds with error 450 which tells the sender to retry. Changing it to 550 through unverified_recipient_reject_code gives an almost instant sender self generated rejection. I feel like this should be included in EFA by default because it would only work if your mail server is configured to rejected unknown users anyway