What I'm doing wrong?

Skip to first unread message


Aug 7, 2021, 12:39:59 AM8/7/21
I have Postfix server that serves several domain names. Despite all my efforts to tweak my Postfix configuration, spam like these is sent out of my server:

Aug 5 08:37:38 mail postfix/error[9631]: BC96418C10: to=<avci...@comcast.net>, relay=none, delay=161913, delays=161238/676/0/0.04, dsn=4.4.2, status=deferred (delivery temporarily suspended: conversation with mx1.comcast.net[] timed out while receiving the initial server greeting)
Aug 5 10:07:45 mail postfix/error[31924]: BC96418C10: to=<avci...@comcast.net>, relay=none, delay=167320, delays=166039/1281/0/0.04, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=comcast.net type=MX: Host not found, try again)
Aug 5 11:23:43 mail postfix/error[18751]: BC96418C10: to=<avci...@comcast.net>, relay=none, delay=171878, delays=171438/440/0/0.12, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx2.comcast.net[2001:558:fe21:2a::6]:25: Network is unreachable)
Aug 5 12:54:11 mail postfix/error[8920]: BC96418C10: to=<avci...@comcast.net>, relay=none, delay=177306, delays=175938/1367/0/0.06, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx1.comcast.net[2001:558:fe16:1b::15]:25: Network is unreachable)
Aug 5 14:07:22 mail postfix/error[27186]: BC96418C10: to=<avci...@comcast.net>, relay=none, delay=181697, delays=181338/359/0/0.03, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx2.comcast.net[2001:558:fe21:2a::6]:25: Network is unreachable)

Some relevant Postfix settings are:

virtual_alias_maps = hash:/etc/postfix/virtual
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = encrypt
smtp_tls_security_level = may
mailbox_size_limit = 0
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /ssl/ssl.key
smtpd_tls_CAfile = /ssl/ssl.ca
smtpd_tls_cert_file = /ssl/ssl.crt
smtp_use_tls = yes
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination check_policy_service unix:/var/spool/postfix/postgrey/socket permit_inet_interfaces

smtpd_sender_restrictions = reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/access

If I put:

smtpd_relay_restrictions = permit_mynetworks, reject

then spam is effectively prevented. However, in that case legitimate users can not connect to their account using their email client programs too.

Could anyone give me the right direction how to allow legitimate users (of domain names hosted on the same server) to use this mail server, but prevent any other outgoing mail originated from other parties blocked?

Thanks a lot!
Reply all
Reply to author
0 new messages