Backscatter Rejection

From Run Your Own
Revision as of 17:34, 21 May 2018 by 320x200 (talk | contribs) (Created page with "Backscatter is email traffic, usually spam, that is generated by a legit email server in the form of bounced email messages. Even if you run a decently configured email server...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Backscatter is email traffic, usually spam, that is generated by a legit email server in the form of bounced email messages. Even if you run a decently configured email server, backscatter will be a problem, specially for email servers that have a large bouncing surface attack like mailing lists.

Postfix tweaks

The following entries can be added or adapted to an existing /etc/postfix/main.cf Postfix config file:

smtpd_sender_restrictions =
  permit_sasl_authenticated, permit_mynetworks,
  warn_if_reject reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  reject_unauth_pipelining

smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  reject_non_fqdn_sender,
  reject_unknown_reverse_client_hostname,
  reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,
  reject_unknown_sender_domain,
  reject_non_fqdn_recipient,
  reject_unauth_pipelining,
  reject_unknown_recipient_domain,
  check_policy_service unix:private/policy-spf
  permit_mynetworks,
  reject_unauth_destination