On 05/14/12 12:38, Vinícius Ferrão wrote:
> Hello,
>
> I'm running a postfix mail filtering gateway in a hardened gentoo box
> and I really don't know what to do with double-bounced messages.
>
> Since we have a lot of spam bots attacking our infrastructure, the
> double bounce messages cannot be ignored and mail mail queue is growing
> with undeliverable double bounce messages.
>
> Any thoughts on what should be done to handle this?
>
If you are accepting mail for addresses that don't belong to you, stop!
That makes you a backscatter source, and will eventually (rightly) get
you blacklisted.
You said it's a mail filtering gateway... Usually the reason people
backscatter on a gateway is because "it's hard" to get a list of all
valid recipients; usually those recipients are on some other mail
server. There are ways to do it, though, and you must, e.g.
a) Run a cron job that pulls valid accounts every hour.
b) Store the email accounts in a database, and allow the gateway to
query the database to determine which users are valid.
c) Use recipient verification[1]. When receiving mail, your gateway
can open a connection to the real mail server in the background,
and see if the recipient is valid.
We use a combination of all three. We use (a) for an old Windows box,
(b) for users stored in Dovecot, and (c) for customers with their own
Exchange servers.
If you ask over on postfix-users and provide the output of `postconf
-n`, there are plenty of people who are able to give you tips relevant
to your specific configuration.
[1] http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
