How to reject mail to unknown user instead of sending a bounce?

Post by iglooo »

There are countless bounces sent out every day by postfix in reply to spam sent to unknown users. How can we flat out reject said emails instead of sending a bounce to a (most likely) spammer?

I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.

And why isn't this a default setting?

Post by shawniverson »

You can populate the recipient_access table

http://www.postfix.org/STANDARD_CONFIGU ... EADME.html

or try this if creating the table is not practical:

http://www.postfix.org/ADDRESS_VERIFICATION_README.html

> I read that you can add "virtual_alias_domains = $mydomain" to main.cf but I don't know if that would work as we use multiple domains and I don't want to break mailflow.

This alone won't do anything, it has to be used in combination with virtual_alias_maps when using virtual domains. Using virtual domain hosting makes sense when you have other domains you are trying to host and need to make a distinction between your canonical hosts and other domains, and you are treating postfix as the final destination.

http://www.postfix.org/VIRTUAL_README.html

Post by iglooo »

Hm.. I see. It doesn't sound exactly ideal - how do you have it personally configured?

In the meantime I've configured "maximal_queue_lifetime = 1d" so at least the outgoing queue won't get filled up over 5 days with messages that will never make it out.

Post by shawniverson »

I use reject_unverified_recipient and set up my mail server to reject emails to unknown users. Incredibly simple and effective. The eFa probes the mail server, the mail server rejects, which causes eFa to reject instead of accepting and attempting to deliver the email.

Post by iglooo »

Gotcha! I added reject_unverified_recipient and set up relay to exchange:2525 because Exchange 2013 doesn't check rcpt:to on port 25.

Just to make sure, what's the expected behavior? The sender doesn't get any bounce backs if the user doesn't exist, correct? I see "NOQUEUE: reject" in maillog, but Gmail for example doesn't get any self-generated bounce backs or anything.

Edit: So the sending mail server does generate a bounce back, but by default EFA responds with error 450 which tells the sender to retry. Changing it to 550 through unverified_recipient_reject_code gives an almost instant sender self-generated rejection. I feel like this should be included in EFA by default because it would only work if your mail server is configured to reject unknown users anyway.
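
An added example, not part of the thread or of eFa: a small Python check that tallies recipient-verification rejects in maillog by outcome, to confirm that the 450-to-550 change described above took effect. The log lines are constructed, and the "undeliverable address" / "unverified address" wording is an assumption about what your Postfix version logs.

```python
import re
from collections import Counter

# Constructed sample maillog lines (hosts, addresses and PIDs are made up).
SAMPLE_LOG = """\
Jan 25 20:01:02 efa postfix/smtpd[1234]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 450 4.1.1 <nouser@example.com>: Recipient address rejected: undeliverable address: host exchange[10.0.0.5] said: 550 5.1.1 User unknown (in reply to RCPT TO command); from=<a@example.net> to=<nouser@example.com> proto=ESMTP helo=<mail.example.net>
Jan 25 20:16:40 efa postfix/smtpd[1240]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 450 4.1.1 <NoUser@example.com>: Recipient address rejected: undeliverable address: host exchange[10.0.0.5] said: 550 5.1.1 User unknown (in reply to RCPT TO command); from=<a@example.net> to=<NoUser@example.com> proto=ESMTP helo=<mail.example.net>
Jan 25 20:17:05 efa postfix/smtpd[1241]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: 450 4.1.1 <newprobe@example.com>: Recipient address rejected: unverified address: Address verification in progress; from=<b@example.org> to=<newprobe@example.com> proto=ESMTP helo=<mx.example.org>
Jan 26 09:00:11 efa postfix/smtpd[2001]: NOQUEUE: reject: RCPT from mx.example.org[198.51.100.7]: 550 5.1.1 <ghost@example.com>: Recipient address rejected: undeliverable address: host exchange[10.0.0.5] said: 550 5.1.1 User unknown (in reply to RCPT TO command); from=<b@example.org> to=<ghost@example.com> proto=ESMTP helo=<mx.example.org>
Jan 26 09:02:30 efa postfix/smtpd[2002]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using rbl.example.org; from=<c@example.org> to=<real@example.com> proto=ESMTP helo=<x>
Jan 26 09:02:31 efa postfix/smtpd[2002]: disconnect from unknown[203.0.113.9]
"""

# Match only rejects produced by recipient address verification.
REJECT_RE = re.compile(
    r"NOQUEUE: reject: RCPT from \S+: (?P<code>[45]\d\d) \S+ <(?P<rcpt>[^>]*)>: "
    r"Recipient address rejected: (?P<kind>undeliverable|unverified) address"
)

def classify(line):
    """Return (outcome, recipient) for a verification reject, else None."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    if m["code"].startswith("5"):
        outcome = "hard_reject"          # sender gives up and writes its own NDR
    elif m["kind"] == "undeliverable":
        outcome = "known_bad_but_retry"  # probe failed, but 4xx makes sender retry
    else:
        outcome = "probe_pending"        # probe not finished; a retry is expected
    return outcome, m["rcpt"].lower()

def summarize(log_text):
    """Count outcomes, and list recipients still answered with a retryable code."""
    outcomes, retried = Counter(), Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        outcome, rcpt = result
        outcomes[outcome] += 1
        if outcome == "known_bad_but_retry":
            retried[rcpt] += 1
    return outcomes, retried

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Any recipient that keeps appearing under known_bad_but_retry after the change means the 450 reply code is still in effect for that path.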