Backscatter Rejection
Jump to navigation
Jump to search
Backscatter is email traffic, usually spam, that is generated by a legit email server in the form of bounced email messages. Even if you run a decently configured email server, backscatter will be a problem, specially for email servers that have a large bouncing surface attack like mailing lists.
Backscatter will get your IP to be blacklisted if the spam you unknowingly generate gets caught in a spam blacklist honeypot.
Postfix tweaks
- The following entries can be added or adapted to an existing
/etc/postfix/main.cfPostfix config file:
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining smtpd_recipient_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_reverse_client_hostname, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unauth_pipelining, reject_unknown_recipient_domain, check_policy_service unix:private/policy-spf # you need third party software, see below permit_mynetworks, reject_unauth_destination
- For SPF policy check:
apt install postfix-policyd-spf-python
- And then add the following at the end of your
/etc/postfix/master.cf:
# SPF check policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/policyd-spf