Filtering your inbound traffic for spam and malware will prevent these cases (malicious messages will not be forwarded).
Marius. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Sebastian Wiesinger Sent: Friday, May 9, 2014 12:02 AM To: Postfix Users Subject: Wait if downstream MTA accepts mail - reject if not Hello, I have some users that forward their mail to GMAIL. This is implemented with virtual alias maps. So postfix forwards: [email protected] -> [email protected] The problem is when SPAM mails get through all the postfix defences and get forwarded to GMAIL. GMAIL does some body checks and rejects the mail like this: relay=gmail-smtp-in.l.google.com[2a00:1450:4013:c01::1b]:25, delay=3.8, delays=2.7/0.01/0.51/0.6, dsn=5.7.0, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:4013:c01::1b] said: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue. Please visit 552-5.7.0 http://support.google.com/mail/bin/answer.py?answer=6590 to review our 552 5.7.0 message content and attachment content guidelines. f45si10647314eet.279 - gsmtp (in reply to end of DATA command)) Now postfix generates a bounce message which 99.9% of the time will not be deliverable (because sender is faked) and just sit in the queue for five days. Question is, is there a way to prevent this from happening (if possible without using sender verification)? Something like relaying the error back to the client (delay accepting the mail until dowstream MTA has accepted it as well) or not generating a non-delivery notification... I can't figure out if that is possible with postfix. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
