Hi,
We are getting spam frequently with emails which appear to be coming from our domain.
Based on that it gets pushed through.
Is there a spamassassin rule ( extension ) I could add to stop that by verifying if the user exists in our ldap?
Another option would be to stop all email which are coming from the outside with our domain ( which I think would work as well ).

Any opinions would be appreciated.
Friday, January 27 2017, 06:10 PM
Responses (10)
  • Wednesday, February 01 2017, 10:47 AM
    I'm sorry but you've got me on that one. I don't get the same backscatter at all - unless there is a big storm waiting to get me as soon as some timeout period elapses. Reading the notes in the /etc/postfix/access file, you could perhaps try changing the action to DISCARD.

    Alternatively have a look at /etc/postfix/header_checks to try to kill off the bounces.

    It does make me wonder if you have been used as an open relay of some sort, or if you have turned on SMTP Authentication and someone has guessed your passwords.
  • Wednesday, February 01 2017, 05:35 AM
    Hi Nick,
    Thanks, I have tried that and it seems to work :)
    The side effect of this is the delivery of undeliverable email messages :(
    So for example if spammers use my email or a valid email address as the From, that address will get the following email:

    "This is the mail system at host mail.sendingdomain.com.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to postmaster.

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The mail system"

    Any easy ways of dealing with it?
  • Monday, January 30 2017, 04:16 PM
    Nick Howitt wrote:

    I've done some hunting round and I found this and I'm giving it a go.

    I've added:
    howitts.co.uk	REJECT
    to /etc/postfix/access then run "postmap /etc/postfix/access". In main.cf my smtpd_sender_restrictions now read:
    smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/access,
    reject_non_fqdn_sender,
    reject_invalid_hostname
    I've reloaded postfix and let's see what happens!
    This is brilliant! :D

    2 weeks ago I had 85 attempts like this. 36 of these would have been rejected because of
    smtpd_client_restrictions = reject_unknown_reverse_client_hostname
    but I've disabled this check for the moment. Every one of them would have been blocked by spamhaus filtering in main.cf but this is much "cheaper" and faster in computing terms as you don't have to refer to an external DNS lookup.

    [edit]
    Just in case anyone is wondering, I also access my server from outside the LAN but only via port 587. ClearOS is already set up to allow access by port 465 - it just needs the firewall opening. The port 587 setup is also quite easy. This check only affects port 25 and can probably be moved up above "permit_sasl_authenticated" if you never want to relay from external via port 25. My own personal recommendation is to never allow relaying via port 25 to keep clear of the password cracking bots and script kiddies.
    [/edit]
  • Sunday, January 29 2017, 11:45 AM
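To show why the order of that smtpd_sender_restrictions list matters (and what the REJECT vs DISCARD choice mentioned further up the thread changes), here is an added toy model of how Postfix walks the list. It is not Postfix, ClearOS or anyone's code from this thread; the networks, IP addresses, SMTP sessions and access-map contents are constructed for the demonstration, and only the four restrictions from the posted main.cf are modelled.

```python
"""Toy model of Postfix smtpd_sender_restrictions evaluation.
Added example; not Postfix or ClearOS code. Networks, addresses and SMTP
sessions below are constructed for illustration."""
import ipaddress

# Constructed stand-in for $mynetworks.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.168.1.0/24")]

# Stand-in for hash:/etc/postfix/access after "postmap": the thread's single
# entry "howitts.co.uk REJECT".
ACCESS_MAP = {"howitts.co.uk": "REJECT"}

# The order from the thread's main.cf. Postfix stops at the first
# restriction that yields a decision (PERMIT, REJECT or DISCARD).
SENDER_RESTRICTIONS = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "check_sender_access",
    "reject_non_fqdn_sender",
]

def access_lookup_keys(sender):
    """Keys Postfix tries for an address lookup, in order: the full address,
    the domain and each parent domain (parent_domain_matches_subdomains
    covers smtpd_access_maps by default), then localpart@."""
    local, _, domain = sender.rpartition("@")
    labels = domain.split(".")
    keys = [sender] + [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(local + "@")
    return keys

def permit_mynetworks(session, table):
    ip = ipaddress.ip_address(session["client_ip"])
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else None

def permit_sasl_authenticated(session, table):
    return "PERMIT" if session.get("sasl_authenticated") else None

def check_sender_access(session, table):
    if not session["sender"]:          # null sender (<>, bounces): skipped here
        return None
    for key in access_lookup_keys(session["sender"]):
        if key in table:
            return table[key]          # REJECT or DISCARD from the map
    return None                        # no entry: fall through

def reject_non_fqdn_sender(session, table):
    sender = session["sender"]
    if not sender:                     # null sender is always exempt
        return None
    return None if "." in sender.rpartition("@")[2] else "REJECT"

RESTRICTIONS = {f.__name__: f for f in (permit_mynetworks, permit_sasl_authenticated,
                                        check_sender_access, reject_non_fqdn_sender)}

def evaluate(session, restrictions=SENDER_RESTRICTIONS, table=ACCESS_MAP):
    """Return (action, name of the restriction that decided). Reaching the
    end of the list without a decision means the sender is accepted."""
    for name in restrictions:
        action = RESTRICTIONS[name](session, table)
        if action is not None:
            return action, name
    return "PERMIT", "end-of-list"

# Constructed sessions: (label, session dict)
SESSIONS = [
    ("forged From on port 25 from the Internet",
     {"client_ip": "203.0.113.5", "sender": "admin@howitts.co.uk"}),
    ("same domain, but from the LAN",
     {"client_ip": "192.168.1.10", "sender": "admin@howitts.co.uk"}),
    ("roaming user authenticated with SASL",
     {"client_ip": "203.0.113.5", "sender": "admin@howitts.co.uk",
      "sasl_authenticated": True}),
    ("forged subdomain sender",
     {"client_ip": "203.0.113.5", "sender": "x@mail.howitts.co.uk"}),
    ("bounce with null sender",
     {"client_ip": "203.0.113.5", "sender": ""}),
    ("ordinary external sender",
     {"client_ip": "203.0.113.5", "sender": "alice@example.org"}),
]

if __name__ == "__main__":
    for label, session in SESSIONS:
        print(f"{label:45s} -> {evaluate(session)}")
    # DISCARD accepts at SMTP time and drops the message silently, so the
    # connecting server sees no rejection and has nothing to bounce.
    print("DISCARD map ->", evaluate(SESSIONS[0][1], table={"howitts.co.uk": "DISCARD"}))
    # check_sender_access moved above permit_sasl_authenticated also
    # blocks authenticated clients that use the domain in MAIL FROM.
    strict = ["permit_mynetworks", "check_sender_access",
              "permit_sasl_authenticated", "reject_non_fqdn_sender"]
    print("strict order, SASL client ->", evaluate(SESSIONS[2][1], restrictions=strict))
```

Run it as a script to see each constructed session's outcome; the "strict order" case is the reordering the post above talks about, and the DISCARD case is the alternative to REJECT raised later in the thread.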
    I've done some hunting round and I found this and I'm giving it a go.

    I've added:
    howitts.co.uk	REJECT
    to /etc/postfix/access then run "postmap /etc/postfix/access". In main.cf my smtpd_sender_restrictions now read:
    smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/access,
    reject_non_fqdn_sender,
    reject_invalid_hostname
    I've reloaded postfix and let's see what happens!
  • Saturday, January 28 2017, 09:39 PM
    Thanks Nick,
    I will try that too.
  • Saturday, January 28 2017, 09:08 AM
    If you search the forum for something like main.cf you'll find how I have hardened my postfix although it is quite aggressive.

    As another idea for you, you could set up an SPF record with a "fail" action. I have not had the courage to do this and only use a softfail. You also have to be careful if you relay your mail out via an ISP's (or e-mail host's) mail server that you include their smtp servers as permitted senders. My SPF record reads:
    v=spf1 mx a:howitts.co.uk include:virginmedia.com ~all
    You can see that I relay out via virginmedia.com so I have to include their SPF record. I then have to trust they get it right ......... hence the softfail.

    I am assuming that an SPF fail will get picked up by spamassassin so will help with spam detection.
  • Friday, January 27 2017, 10:09 PM
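To make the SPF record quoted above concrete, here is an added minimal SPF evaluator in Python; it is not code from this thread or from any SPF library. It runs against a constructed DNS table: the howitts.co.uk TXT record is the one the post quotes, but its A and MX data and the virginmedia.com record are invented for the demo (the real virginmedia.com record is not reproduced). It shows why the ISP relay must be covered by the include, and what changes when ~all becomes -all.

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed DNS table.
Added example; not the thread's or any library's code. All DNS data except
the quoted howitts.co.uk TXT record is invented for the demonstration."""
import ipaddress

DNS = {
    "howitts.co.uk": {
        "TXT": "v=spf1 mx a:howitts.co.uk include:virginmedia.com ~all",
        "MX": ["mail.howitts.co.uk"],          # constructed
        "A": ["198.51.100.10"],                # constructed
    },
    "mail.howitts.co.uk": {"A": ["198.51.100.20"]},        # constructed
    "virginmedia.com": {"TXT": "v=spf1 ip4:192.0.2.0/24 -all"},  # constructed, not the real record
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10

def a_records(name, dns):
    return [ipaddress.ip_address(a) for a in dns.get(name, {}).get("A", [])]

def mechanism_matches(mech, arg, ip, domain, dns, depth):
    if mech == "all":
        return True
    if mech in ("ip4", "ip6"):
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return ip in a_records(arg or domain, dns)
    if mech == "mx":
        hosts = dns.get(arg or domain, {}).get("MX", [])
        return any(ip in a_records(h, dns) for h in hosts)
    if mech == "include":
        # "include" matches only when the included policy says pass;
        # the included record's fail/softfail do not propagate.
        return spf_check(ip, arg, dns, depth + 1) == "pass"
    return False   # unknown mechanism: treated as no match (toy simplification)

def spf_check(ip, domain, dns=DNS, depth=0):
    """Return pass / fail / softfail / neutral / none / permerror for a
    connecting IP whose MAIL FROM is in `domain`."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = dns.get(domain, {}).get("TXT", "")
    if not record.startswith("v=spf1"):
        return "none"                  # no policy published for the domain
    ip = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mechanism_matches(mech.lower(), arg, ip, domain, dns, depth):
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"                   # nothing matched and no "all" term

def hard_fail_variant(dns, domain):
    """Copy of dns where `domain`'s record ends in -all instead of ~all:
    the "fail" action the post hesitates to use."""
    out = dict(dns)
    entry = dict(dns[domain])
    entry["TXT"] = entry["TXT"].replace("~all", "-all")
    out[domain] = entry
    return out

if __name__ == "__main__":
    cases = [("198.51.100.20", "our MX host"),
             ("192.0.2.25", "ISP relay (via include)"),
             ("203.0.113.5", "unrelated host using the domain")]
    strict = hard_fail_variant(DNS, "howitts.co.uk")
    for ip, label in cases:
        print(f"{label:32s} {ip:15s} ~all={spf_check(ip, 'howitts.co.uk'):9s}"
              f" -all={spf_check(ip, 'howitts.co.uk', strict)}")
```

The only difference between the two columns is the last term: with ~all an unlisted host gets "softfail", which a scorer such as spamassassin can weigh, while with -all the same host gets "fail". If the relay's network were missing from the include, the ISP relay row would fall into the same bucket as the unrelated host, which is the trap the post warns about.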
    You'll need to google "postfix header_checks" for your gateway (if it relays to your internal server and not port forwards) but it sounds promising if you use a different mail-server for local e-mails.

    There are a few other things I do, but the main one I do is absolutely trust spamhaus and add "reject_rbl_client zen.spamhaus.org" to smtpd_recipient_restrictions in /etc/postfix/main.cf.
  • Friday, January 27 2017, 09:51 PM
    Quick question, how do I block mail coming from and to my domain?
    I have one vm which runs as the Gateway and another which runs the server with zarafa on it.
    So if I do the spam filtering on the GW would that work?
  • Friday, January 27 2017, 09:13 PM
    Hi Nick,
    Thank you.
  • Friday, January 27 2017, 08:57 PM
    I'd thought about that one before. You can block mail coming from and going to your domain but sadly it blocks all internal e-mails - this would be done with postfix and not spamassassin.

    The pure ClearOS thing you can do is to activate greylisting. This cuts out a lot of rubbish. If you do, it may be an idea to update /etc/postfix/postgrey_whitelist_clients from the sources at https://github.com/schweikert/postgrey. If you use Ebay, also add their servers to /etc/postfix/postgrey_whitelist_clients.local

    I'd also post on the spamassassin mailing list.

    In postfix you may be able to run a filter on mail with a from of your domain coming from outside your domain, but you'd probably need to post on the postfix list.