Dec 28 21:31:22 ns36023 postfix/cleanup[28504]: A1052229FE:
message-id=<20071228203122.
Dec 28 21:31:22 ns36023 postfix/qmgr[24536]: A1052229FE: from=<>,
size=6925, nrcpt=1 (queue active)
Dec 28 21:31:22 ns36023 postfix/bounce[21572]: E8E66229FC: sender
non-delivery notification: A1052229FE
Dec 28 21:31:22 ns36023 postfix/qmgr[24536]: E8E66229FC: removed
Dec 28 21:31:22 ns36023 postfix/smtp[13506]: 94D78229FF:
to=<jra...@apu.edu>, relay=mx.apu.edu[199.184.238.25]:25, delay=1.3,
delays=0/0/0.45/0.82, dsn=2.6.0, status=sent (250 2.6.0
<200712282031...@xxxxxx.xxxx.xx> Queued mail for delivery)
Dec 28 21:31:22 ns36023 postfix/qmgr[24536]: 94D78229FF: removed
Dec 28 21:31:23 ns36023 postfix/smtpd[27054]: disconnect from
ppp91-122-162-209.pppoe.avangard-dsl.ru[91.122.162.209]
Dec 28 21:31:24 ns36023 postfix/smtp[4933]: A1052229FE:
to=<jra...@apu.edu>, relay=mx.apu.edu[199.184.238.25]:25, delay=1.4,
delays=0/0/0.45/0.94, dsn=2.6.0, status=sent (250 2.6.0
<200712282031...@xxxxxx.xxxx.xx> Queued mail for delivery)
Dec 28 21:31:24 ns36023 postfix/qmgr[24536]: A1052229FE: removed
> See the sample below: nobody on the server really tried to send a mail
> to jra...@apu.edu, but I got a sent status after a strange 'sender
> non-delivery notification'
>
The usual reason for unexpected "non-deliverable" reports is that
somebody on the Internet has forged your address as the sender of spam
that got bounced. This is known as back-scatter - search for that term
to get a full explanation.
The best defense is to set up an SPF record for your domain - look at
these sites for explanation of SPF and how to set up and test an SPF record:
http://www.openspf.org/
http://www.kitterman.com/spf/validate.html
--
martin@ | Martin Gregorie
gregorie. | Essex, UK
org |
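
One way to trace this in the logs, as an added example that is not part of the original thread: the script pairs each "sender non-delivery notification" line with the null-sender (from=<>) message it created and with that message's delivery. The log lines are constructed samples in the same Postfix format (host names, queue IDs and addresses are made up), and one syslog record per line is assumed.

```python
import re
from collections import defaultdict

# Constructed sample log (made-up hosts, queue IDs and addresses), one record per line.
SAMPLE_LOG = """\
Dec 28 21:31:20 mx1 postfix/smtpd[27054]: 1111AAAA01: client=unknown[203.0.113.7]
Dec 28 21:31:21 mx1 postfix/qmgr[24536]: 1111AAAA01: from=<victim@example.org>, size=5120, nrcpt=1 (queue active)
Dec 28 21:31:21 mx1 postfix/lmtp[900]: 1111AAAA01: to=<nouser@example.net>, relay=none, delay=0.2, dsn=5.1.1, status=bounced (unknown user)
Dec 28 21:31:22 mx1 postfix/qmgr[24536]: 2222BBBB02: from=<>, size=6925, nrcpt=1 (queue active)
Dec 28 21:31:22 mx1 postfix/bounce[21572]: 1111AAAA01: sender non-delivery notification: 2222BBBB02
Dec 28 21:31:22 mx1 postfix/qmgr[24536]: 1111AAAA01: removed
Dec 28 21:31:24 mx1 postfix/smtp[4933]: 2222BBBB02: to=<victim@example.org>, relay=mx.example.org[198.51.100.25]:25, delay=1.4, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Dec 28 21:31:25 mx1 postfix/qmgr[24536]: 3333CCCC03: from=<alice@example.net>, size=900, nrcpt=1 (queue active)
Dec 28 21:31:26 mx1 postfix/smtp[4934]: 3333CCCC03: to=<bob@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
NOTIFY = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")
DELIVERY = re.compile(r"to=<([^>]*)>.*?relay=([^,]+),.*?status=(\w+)")

def trace_bounce_notifications(log_text):
    """Link each bounced message to the notification Postfix generated for it."""
    sender, deliveries, links = {}, defaultdict(list), []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and (f := re.match(r"from=<([^>]*)>", rest)):
            sender[qid] = f.group(1)            # envelope sender per queue ID
        elif daemon == "bounce" and (n := NOTIFY.search(rest)):
            links.append((qid, n.group(1)))     # original ID -> notification ID
        elif d := DELIVERY.match(rest):
            deliveries[qid].append(d.groups())  # (recipient, relay, status)
    report = []
    for original, notification in links:
        for rcpt, relay, status in deliveries.get(notification, []):
            report.append({
                "original": original,
                "original_sender": sender.get(original),  # None if not in the log
                "notification": notification,
                "null_sender": sender.get(notification) == "",
                "notified": rcpt, "relay": relay, "status": status,
            })
    return report

if __name__ == "__main__":
    for row in trace_bounce_notifications(SAMPLE_LOG):
        print(row)
```

Each row is one notification the server itself generated and the address it went to; in the log quoted in this thread the corresponding pair is E8E66229FC and A1052229FE.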
>> See the sample below: nobody on the server really tried to send a
>> mail to jra...@apu.edu, but I got a sent status after a strange
>> 'sender non-delivery notification'
>>
> The usual reason for unexpected "non-deliverable" reports is that
> somebody on the Internet has forged your address as the sender of spam
> that got bounced. This is known as back-scatter - search for that term
> to get a full explanation.
>
> The best defense is to set up an SPF record for your domain - look at
> these sites for explanation of SPF and how to set up and test an SPF
> record:
>
> http://www.openspf.org/
> http://www.kitterman.com/spf/validate.html
Thanks. I'm going to read it asap.
bounce_queue_lifetime = 0
smtpd_banner = $myhostname ESMTP $mail_name (xxxxxx)
biff = no
append_dot_mydomain = no
myhostname = xxxxxx.xxxx.xx
mydomain = xxxx.xx
mynetworks_style = host
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_generic_maps = hash:/etc/postfix/generic
transport_maps = hash:/etc/postfix/transport
myorigin = $mydomain
mydestination = $myhostname $mydomain
relay_domains = $mydomain
mynetworks = 127.0.0.1 xxx.xxx.xxx.xxx
recipient_delimiter = +
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
local_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
mailbox_size_limit = 0
message_size_limit = 50000000
smtpd_reject_unlisted_recipient = no
smtpd_tls_key_file = /etc/ssl/mailAC/private/server_tls.pem
smtpd_tls_cert_file = /etc/ssl/mailAC/certs/server_signed.pem
smtpd_tls_CAfile = /etc/ssl/mailAC/private/mailAC.crt
smtpd_tls_loglevel = 1
smtp_recipient_restrictions = permit_mynetworks reject
smtp_tls_key_file = /etc/ssl/mailAC/private/server_tls.pem
smtp_tls_cert_file = /etc/ssl/mailAC/certs/server_signed.pem
smtp_tls_CAfile = /etc/ssl/mailAC/private/mailAC.crt
smtp_tls_loglevel = 1
> Thanks. I'm going to read it asap.
>
Earlier this year I was getting quite a bit of backscatter, so I set up
an SPF record. The backscatter gradually got less and now I see almost none.
The descriptions of exactly what details should go in the SPF record are
not all that clear, so I'd strongly advise you to use the wizard in the
second reference to create the record and then use the other tools to
test it.
> myorigin = $mydomain
> relay_domains = $mydomain
>
Good.
> mynetworks = 127.0.0.1 xxx.xxx.xxx.xxx
>
What does xxx.xxx.xxx.xxx represent? Is it your ISP's MTA or your
domain's MX server(s)?
mynetworks should not permit anything that is not under your control or
trusted by you to send mail through Postfix. Are your users trusted or
are you running a spam filter on outbound mail?
About all I can tell is that you're using TLS keys to secure SMTP
connections to other MTAs and restricting originating MUAs to
$mynetworks, so that should be OK though it's hard to be certain without
knowing what xxx.xxx.xxx.xxx represents.
It's my client router IP. It gives me the ability to send email directly
from my MUA. It's a potential weakness if the provider decides to change it
(it has never occurred in two years), and also because of IP spoofing, so I
plan to set up TLS access, which was not possible with the previous
release of Postfix I used.
When I'm outside, I use the local IMP client over SSL (HTTPS) access.
Thanks Martin for your help. It's good to have it (it was almost tricky
to set up Postfix correctly with only the official documentation and the
web).
Have a happy New Year (it should already be done, given your location)
jm