Postfix – receiving many “Undelivered Mail Returned to Sender”

postfix spam

I once set up my server using this guide (or a very similar one)

But from time to time I have days or weeks of "Undelivered Mail Returned to Sender" messages flooding my inbox. Oh, and I am using catch-all mail forwarding on my domains.

This is an example from the mail:

Reporting-MTA: dns; blah.blah.myserverhost.net
X-Postfix-Queue-ID: 6278A33009D8
X-Postfix-Sender: rfc822; dd4f0d0cc@mydomain.net
Arrival-Date: Mon, 20 Oct 2014 08:19:54 +0200 (CEST)

Final-Recipient: rfc822; mycatchall@forwardadress.net
Original-Recipient: rfc822;dd4f0d0cc@mydomain.net
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [2001:4ba0:fff8:c2::2      12] Our system has
detected that this 550-5.7.1 message is likely unsolicited mail. To reduce
the amount of spam sent 550-5.7.1 to Gmail, this message has been blocked.
Please visit 550-5.7.1
http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550
5.7.1 more information. rq6si12888645lbb.21 - gsmtp

I have masked the real hostnames. So they are mails sent from my domain to my domain with random prefixes, like from "123@domain.net" to "456@domain.net".

With my catch-all I receive all those failure notices, as it's detected as spam.

How can I stop getting these emails?

Best Answer

After doing some research I managed to stop the spam for now. Here are some notes for other users.

First of all, I had ClamAV + SpamAssassin running and a valid SPF record at the time I posted the problem. Still, it wasn't enough. So I changed/altered the following settings:

postfix - main.cf

added:

smtpd_helo_required = yes

edited: smtpd_helo_restrictions to

smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname

edited: smtpd_recipient_restrictions to

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_client_access regexp:/etc/postfix/blacklist_clients, reject_rbl_client zen.spamhaus.org, reject_rbl_client dnsbl.sorbs.net, permit

This adds some blacklist services and reads another filter file, "/etc/postfix/blacklist_clients".

Content of "/etc/postfix/blacklist_clients":

# IP
/^106\.66\.76\.244$/        REJECT UCE black-listed
/^113\.162\.119\.31$/       REJECT UCE black-listed
/^113\.160\.251\.42$/       REJECT UCE black-listed
/^62\.0\.70\.29$/           REJECT UCE black-listed

(You can add those IPs yourself, as those are nasty spam IPs.)

I found them by doing some log-reading.

Works great for my setup. (Remember, I use catch-all mail.)
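The log reading mentioned in the answer can be scripted. The following is an added example, not part of the original answer: it correlates Postfix queue IDs across smtpd, qmgr and smtp log lines to find unauthenticated clients that used your own domain as envelope sender and whose mail bounced, then renders entries in the blacklist_clients regexp format. The log lines, IP addresses (documentation ranges), function names and the min_hits threshold are constructed for illustration, and short hexadecimal queue IDs are assumed.

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (trimmed fields, documentation IPs).
SAMPLE_LOG = """\
Oct 20 08:19:54 mx postfix/smtpd[2211]: 6278A33009D8: client=unknown[203.0.113.7]
Oct 20 08:19:54 mx postfix/qmgr[901]: 6278A33009D8: from=<dd4f0d0cc@mydomain.net>, size=2210, nrcpt=1 (queue active)
Oct 20 08:19:55 mx postfix/smtp[2215]: 6278A33009D8: to=<mycatchall@forwardadress.net>, relay=gmail-smtp-in.l.google.com[2001:db8::1a]:25, dsn=5.7.1, status=bounced (550-5.7.1 likely unsolicited mail)
Oct 20 08:21:02 mx postfix/smtpd[2211]: 7A11B2C3D4E5: client=unknown[203.0.113.7]
Oct 20 08:21:02 mx postfix/qmgr[901]: 7A11B2C3D4E5: from=<0f3a9@mydomain.net>, size=2198, nrcpt=1 (queue active)
Oct 20 08:21:03 mx postfix/smtp[2215]: 7A11B2C3D4E5: to=<mycatchall@forwardadress.net>, relay=gmail-smtp-in.l.google.com[2001:db8::1a]:25, dsn=5.7.1, status=bounced (550-5.7.1 likely unsolicited mail)
Oct 20 08:30:10 mx postfix/smtpd[2230]: 8B22C3D4E5F6: client=home.example[198.51.100.9], sasl_method=PLAIN, sasl_username=bob
Oct 20 08:30:10 mx postfix/qmgr[901]: 8B22C3D4E5F6: from=<bob@mydomain.net>, size=901, nrcpt=1 (queue active)
Oct 20 08:30:11 mx postfix/smtp[2215]: 8B22C3D4E5F6: to=<typo@example.org>, relay=mx.example.org[192.0.2.25]:25, dsn=5.1.1, status=bounced (550 5.1.1 user unknown)
Oct 20 08:41:37 mx postfix/smtpd[2244]: 9C33D4E5F607: client=unknown[192.0.2.5]
Oct 20 08:41:37 mx postfix/qmgr[901]: 9C33D4E5F607: from=<77c1@mydomain.net>, size=2301, nrcpt=1 (queue active)
Oct 20 08:41:38 mx postfix/smtp[2215]: 9C33D4E5F607: to=<mycatchall@forwardadress.net>, relay=gmail-smtp-in.l.google.com[2001:db8::1a]:25, dsn=5.7.1, status=bounced (550-5.7.1 likely unsolicited mail)
"""

CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+?\[([0-9a-fA-F.:]+)\](.*)")
SENDER = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")
BOUNCE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*>.*status=bounced")

def forged_sender_clients(log_text, own_domain):
    """Count bounced messages per unauthenticated client that used own_domain as sender."""
    client, sender, bounced = {}, {}, set()
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            if "sasl_username=" not in m.group(3):  # ignore authenticated users
                client[m.group(1)] = m.group(2)
        elif m := SENDER.search(line):
            sender[m.group(1)] = m.group(2).lower()
        elif m := BOUNCE.search(line):
            bounced.add(m.group(1))
    # Join the three record types on the queue ID.
    return Counter(client[q] for q in bounced
                   if q in client and sender.get(q, "").endswith("@" + own_domain))

def blacklist_lines(counts, min_hits=2):
    """Render regexp-table entries in the format of /etc/postfix/blacklist_clients."""
    return [f"/^{re.escape(ip)}$/ REJECT UCE black-listed"
            for ip, n in sorted(counts.items()) if n >= min_hits]

if __name__ == "__main__":
    print("\n".join(blacklist_lines(forged_sender_clients(SAMPLE_LOG, "mydomain.net"))))
```

The min_hits threshold keeps a single bounced message from blacklisting a client; review the candidates before adding them to the table.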