
redirecting bounces


nqbya...@gmail.com

Aug 16, 2016, 9:30:20 PM
In my setup currently the MX records point to a server running Postfix, and that server passes the emails on to an external email hosting service.

MX -> Postfix -> external Hosting

(This will be changed in the near future but is at the moment a necessity and is generally working.)

Occasionally, malware slips through and the external hosting provider will permanently fail it with "... status=bounced (host aspmx.l.google.com[74.125.28.26] said: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue. Please visit 552-5.7.0 ..."

In this case Postfix will attempt to send an NDR to the spoofed sender address and becomes a backscatter source that way.

All of the NDRs I have seen that the Postfix server is sending are in response to malware. So instead of sending NDRs I would like to save the bounces to a local file or send them to another email account (one without malware filter) for occasional review and to make sure no important messages failed. Somehow this appears to be incredibly difficult to do.

What I have tried:

In master.cf I tried to change the bounce behavior by changing the end of the line:

bounce unix - - n - 0 bounce

to

bounce unix - - n - 0 pipe flags=FRq user=myuser argv=/opt/save1.pl ${sender}

but /opt/save1.pl is not even being executed. (getting "Aug 16 16:42:57 localhost postfix/pipe[4604]: warning: unexpected attribute nrequest from bounce socket (expecting: flags)
Aug 16 16:42:57 localhost postfix/pipe[4604]: warning: deliver_request_get: error receiving common attributes" )

I also tried the smtp command trying to reroute to another SMTP dump server:

bounce unix - - n - 0 smtp 192.168.20.20:25

but that failed with "Aug 16 15:16:08 localhost postfix/smtp[29661]: fatal: unexpected command-line argument: 192.168.20.20:25"

I also tried to set a bounce recipient using bounce_notice_recipient, 2bounce_notice_recipient and delay_notice_recipient options in main.cf, but nothing worked.


Does anybody have a recipe for doing this?
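
The review the post asks for can also be done from the mail log rather than from the NDRs themselves. The following is an added example, not part of the original post: it correlates Postfix log lines by queue ID to list each bounced message with its envelope sender, the remote reply, and the NDR that was generated. The function names and the sample log lines are constructed for illustration and assume the standard Postfix syslog format.

```python
import re
from collections import defaultdict

# Constructed sample lines (addresses and queue IDs are made up; relay taken from the post).
SAMPLE_LOG = """\
Aug 16 16:40:01 localhost postfix/qmgr[1201]: 3F2A1C0E11: from=<spoofed@example.net>, size=48213, nrcpt=1 (queue active)
Aug 16 16:40:02 localhost postfix/smtp[4501]: 3F2A1C0E11: to=<user@example.com>, relay=aspmx.l.google.com[74.125.28.26]:25, delay=1.2, dsn=5.7.0, status=bounced (host aspmx.l.google.com[74.125.28.26] said: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue.)
Aug 16 16:40:02 localhost postfix/bounce[4502]: 3F2A1C0E11: sender non-delivery notification: 4A7B2C0F22
Aug 16 16:41:10 localhost postfix/qmgr[1201]: 5C9D3E1A33: from=<friend@example.org>, size=2110, nrcpt=1 (queue active)
Aug 16 16:41:11 localhost postfix/smtp[4501]: 5C9D3E1A33: to=<user@example.com>, relay=aspmx.l.google.com[74.125.28.26]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# daemon name, queue ID, remainder of the log line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: (\w+): (.*)")

def bounced_messages(log_text):
    """Return one record per queue ID whose delivery ended in status=bounced."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and (s := re.match(r"from=<([^>]*)>", rest)):
            msgs[qid]["sender"] = s.group(1)          # envelope sender, may be spoofed
        elif daemon == "smtp" and "status=bounced" in rest:
            msgs[qid]["rcpt"] = re.match(r"to=<([^>]*)>", rest).group(1)
            msgs[qid]["dsn"] = re.search(r"dsn=([\d.]+)", rest).group(1)
            msgs[qid]["reply"] = re.search(r"status=bounced \((.*)\)", rest).group(1)
        elif daemon == "bounce" and (
            n := re.search(r"sender non-delivery notification: (\w+)", rest)
        ):
            msgs[qid]["ndr_qid"] = n.group(1)         # queue ID of the generated NDR
    # Only messages with a bounced delivery carry a "dsn" key.
    return [dict(qid=q, **r) for q, r in msgs.items() if "dsn" in r]

def backscatter(records):
    """Bounced messages for which an NDR went out to a non-null envelope sender."""
    return [r for r in records if r.get("ndr_qid") and r.get("sender")]

if __name__ == "__main__":
    for r in backscatter(bounced_messages(SAMPLE_LOG)):
        print(f"{r['qid']} from={r['sender']} to={r['rcpt']} "
              f"dsn={r['dsn']} ndr={r['ndr_qid']}\n  {r['reply']}")
```
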

d.agosti...@gmail.com

Aug 24, 2016, 1:33:39 PM
Hi

You have an example here:
http://www.postfix.org/FILTER_README.html

Regards
Victor

nqbya...@gmail.com

Aug 29, 2016, 12:30:03 AM
Thanks for the link, I will read through it.

Regards,