0

Over a few days I'm getting several spam mails to my junkmail folder. The return-path and from addresses are always non-existent mailaddresses of my own tld (for example non-existent@mydomain.tld).

I'm using Postfix, Dovecot with virtual mysql mailboxes and Spamassasin on a Debian Jessie system.

What can I do to get rid of those mails?

Excerpt of a mailheader:

Return-Path: <non-existent-mail-address@mydomain.tld>
Delivered-To: mymailaddress@mydomain.tld
Received: from customer-XXX-10-220.XXXXXXXX.net.mx (unknown [XXX.XXX.10.220])
        by mail.mydomain.tld (Postfix) with ESMTP id 9DE6F1CE0077
        for <mymailaddress@mydomain.tld>; Wed, 10 Feb 2016 15:13:04 +0100 (CET)
Date: Wed, 10 Feb 2016 08:11:07 -0500
From: XXX YYY <non-existent-mail-address@mydomain.tld>
To: mymailaddress@mydomain.tld
Message-Id: <5BE16BD87CC-C815A-D5FD0@XXXXXXXX.net.mx>
Subject: Rechnung Januar 2016-10087
Content-Type: multipart/mixed; boundary="----------=_56BB4572.CB81E657"
X-MB-Message-Source: WebUI
X-MB-Message-Type: User
X-Mailer: JAS STD
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
MIME-Version: 1.0
X-Spam-Flag: YES
X-Spam-Status: Yes, score=6.8 required=5.0 tests=HTML_MESSAGE,RCVD_IN_RP_RNBL,
        RCVD_IN_SBL_CSS,RCVD_IN_XBL,RDNS_NONE autolearn=no autolearn_force=no
        version=3.4.0
X-Spam-Level: ******
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail.mydomain.tld

And a snip of /var/log/mail.log:

Feb 10 15:13:04 mail postfix/smtpd[13690]: warning: hostname customer-XXX-10-220.XXXXXXXX.net.mx does not resolve to address XXX.XXX.10.220: Name or service not known
Feb 10 15:13:04 mail postfix/smtpd[13690]: connect from unknown[XXX.XXX.10.220]
Feb 10 15:13:04 mail postfix/smtpd[13690]: 9DE6F1CE0077: client=unknown[XXX.XXX.10.220]
Feb 10 15:13:04 mail postfix/cleanup[13700]: 9DE6F1CE0077: message-id=<5BE16BD87CC-C815A-D5FD0@XXXXXXXX.net.mx>
Feb 10 15:13:05 mail spamd[8916]: spamd: connection from ip6-localhost [::1]:41200 to port 783, fd 6
Feb 10 15:13:05 mail spamd[8916]: spamd: processing message <5BE16BD87CC-C815A-D5FD0@XXXXXXXX.net.mx> for mymailaddress:5000
Feb 10 15:13:06 mail spamd[8916]: spamd: identified spam (6.8/5.0) for mymailaddress:5000 in 1.0 seconds, 61333 bytes.
Feb 10 15:13:06 mail spamd[8916]: spamd: result: Y 6 - HTML_MESSAGE,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,RCVD_IN_XBL,RDNS_NONE scantime=1.0,size=61333,user=mymailaddress,uid=5000,required_score=5.0,rhost=ip6-localhost,raddr=::1,rport=41200,mid=<5BE16BD87CC-C815A-D5FD0@XXXXXXXX.net.mx>,autolearn=no autolearn_force=no
Feb 10 15:13:06 mail spamd[8915]: prefork: child states: II
Feb 10 15:13:06 mail postfix/qmgr[1593]: 9DE6F1CE0077: from=<non-existent-mail-address@mydomain.tld>, size=64215, nrcpt=1 (queue active)
Feb 10 15:13:06 mail dovecot: lda(mymailaddress@mydomain.tld): sieve: msgid=<5BE16BD87CC-C815A-D5FD0@XXXXXXXX.net.mx>: stored mail into mailbox 'INBOX.Junk'
Feb 10 15:13:06 mail postfix/pipe[13703]: 9DE6F1CE0077: to=<mymailaddress@mydomain.tld>, relay=dovecot, delay=2.3, delays=2.2/0/0/0.16, dsn=2.0.0, status=sent (delivered via dovecot service)
Feb 10 15:13:06 mail postfix/qmgr[1593]: 9DE6F1CE0077: removed
Feb 10 15:13:07 mail postfix/smtpd[13690]: disconnect from unknown[XXX.XXX.10.220]
BenM
  • 748
  • 1
  • 8
  • 13
Frank
  • 3
  • 3

1 Answers1

0

As documented by Postfix you can use the following two restrictions in smtpd_sender_restrictions in main.cf:

reject_unlisted_sender

Reject the request when the MAIL FROM address is not listed in the list of valid recipients for its domain class. See the smtpd_reject_unlisted_sender parameter description for details. This feature is available in Postfix 2.1 and later.

reject_unverified_sender

Reject the request when mail to the MAIL FROM address is known to bounce, > or when the sender address destination is not reachable. Address verification information is managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details.

Diamond
  • 8,791
  • 3
  • 22
  • 37