On Sun, Oct 20, 2013 at 09:25:55PM +0200, Alexandre Ellert wrote:

> Wietse, you said that it's not safe to use "internal_mail_filter_classes
> = bounce".
>
> What are your recommendations?

Why do you need to send outbound bounces on the border MTA itself?
You should not accept inbound mail that is going to bounce.  Best
solution is to only send inbound bounces for failed outbound mail,
and your internal users presumably don't need signatures on the
bounce mail.

Don't sign bounces, they may contain malware or other content that
you would not want to sign.

If you really must sign bounces:

    - Configure Postfix to send bounces with just the original
      message headers, no body.

        bounce_size_limit = 1

    - Then either route outbound mail through dedicated Postfix instances
      distinct from those processing inbound mail (appropriate transport
      settings, ...), or enable the unsafe filtering of bounces; these
      should be less risky with header-only bounces.

        internal_mail_filter_classes = bounce

-- 
        Viktor.
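
Added example, not part of the message above: a shell check that reads a main.cf-style file and reports whether the bounce class is filtered and whether bounce_size_limit is set to the header-only value from the message. The function names get_param and audit_bounce_filtering and the sample configuration are hypothetical; the script parses the file directly, so it does not see compiled-in defaults or master.cf overrides.

```shell
#!/bin/sh
# Added example: audit the bounce-filtering settings discussed in the message.

# get_param FILE NAME: print the last value assigned to NAME, joining
# continuation lines (lines that start with whitespace).
get_param() {
    awk -v name="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/ { if (cur == name) val = val " " $0; next }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == name) { val = substr($0, eq + 1); found = 1 }
        }
        END {
            if (!found) exit
            gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val)
            print val
        }' "$1"
}

# audit_bounce_filtering FILE: print a verdict; return 1 only for the risky case.
audit_bounce_filtering() {
    classes=$(get_param "$1" internal_mail_filter_classes | tr ',' ' ')
    limit=$(get_param "$1" bounce_size_limit)
    case " $classes " in
        *" bounce "*) ;;
        *) echo "ok: bounce not in internal_mail_filter_classes"; return 0 ;;
    esac
    if [ "$limit" = 1 ]; then
        echo "reduced: bounces filtered, headers only"
        return 0
    fi
    echo "risky: bounces filtered with bounce_size_limit=${limit:-default}"
    return 1
}

# Constructed sample configuration, not taken from any real system.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# border MTA that filters its own bounces
internal_mail_filter_classes =
    bounce
bounce_size_limit = 50000
EOF
audit_bounce_filtering "$demo" || true
rm -f "$demo"
```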
