10

I run a Postfix server that hosts a small, alias-based mailing list. Let's say people@myserver forwards to alice@someprovider and bob@someotherprovider. Now, alice@someprovider might use a more restrictive spam filter than I do.

When a spam mail from (forged) backscattervictim@somewhere to people@myserver arrives, and my spam filter detects it as spam, it is rejected in the SMTP phase --> no harm done.

However, when the same mail gets through my server, my server tries to forward it to alice, and her server rejects it during the SMTP phase, my server creates a bounce message to the innocent backscatter victim. (Which makes sense from the point of view of my server, but it's annoying for the backscatter victim.)

Is there a way to prevent this behavior? I don't want to turn off NDRs, since (in general) they serve a legitimate purpose.

Heinzi
  • 2,138
  • 5
  • 30
  • 51
  • looking for a solution as well; in sendmail you can just create a `NAME-request` alias which gets the bounces… – mirabilos Sep 19 '22 at 19:31

2 Answers2

4

If it isn't flagged as spam, but alice rejects the mail, I can't see a way for your Postfix server to not bounce the mail back to the victim, without turning off NDR's :(

Perhaps if alice marked that mail as spam somewhere in the header back to you?

atx
  • 1,281
  • 1
  • 9
  • 25
  • 1
    Alice didn't mark the mail as spam, as it was not accepted during SMTP dialog. The wasn't delivered to Alice. But you are right that there is no solution for that. – mailq Jun 09 '11 at 13:19
  • 5
    I'm having this problem... mail is being forwarded to a google address, and google will reject a message as spam, and they mostly get stuck in my mailq because the return-path email doesn't actually exist. (meanwhile, yahoo has blacklisted my server for all of these backscatter emails). Is there a way in postfix to just drop a message if google says it's spam, but not if it's some other problem? – Jay K Jun 04 '13 at 15:03
0

Instead of discarding bounces completely, it is possible to intercept all outgoing NDRs and redirect them to a single mailbox instead of discarding them.

In /etc/postfix/main.cf:

header_checks = regexp:/etc/postfix/header_checks
internal_mail_filter_classes = bounce,notify

In /etc/postfix/header_checks:

/^From: MAILER-DAEMON.*/ REDIRECT someuser+bounces@youmailbox.net

This means all bounces will go to a single mailbox which may be a good enough compromise between discarding and sending NDRs out for small sites with few users.

Ideally you would do this for only NDRs to non-local users but I don't think that's possible with header_checks alone.