On Sun, Oct 20, 2013 at 09:25:55PM +0200, Alexandre Ellert wrote: > Wietse, you said that it's not safe to use "internal_mail_filter_classes > = bounce". > > What are your recommandation ?
Why do you need to send outbound bounces on the border MTA itself? You should not accept inbound mail that is going to bounce. Best solution is to only send inbound bounces for failed outbound mail, and your internal users presumably don't need signatures on the bounce mail. Don't sign bounces, they may contain malware or other content that you would not want to sign. If you really must sign bounces: - Configure Postfix to send bounces with just the original message headers, no body. bounce_size_limit = 1 - Then either route outbound mail through dedicated Postfix instances distinct from those processing inbound mail (appropriate transport settings, ...), or enable the unsafe filtering of bounces, these should be less risky with header-only bounces. internal_mail_filter_classes = bounce -- Viktor.