postmaster queue issue

sili

Hi,

We have set up Reject unknown recipient.
But someone keeps attempting to test accounts repeatedly, causing the postmaster to continuously respond with rejection emails.
What are the ways to prevent such malicious attacks?

Thanks

 

Please share the logs as text of some of those mails where the spammer tries to check for existing addresses - are you sure your downstream server responds with a 5xx error on an unknown recipient at the RCPT TO stage?
 
Hi,

This is the incoming log.

Code:
Oct 24 14:18:10 mg1 postfix/smtpd[199672]: connect from unknown[43.133.213.179]
Oct 24 14:18:10 mg1 postfix/smtpd[199672]: 861EFDB78: client=unknown[43.133.213.179]
Oct 24 14:18:10 mg1 postfix/cleanup[199674]: 861EFDB78: message-id=<f15eeb094a3dbcd376dd02b2ff179edc@mail.my.softbank.com>
Oct 24 14:18:10 mg1 postfix/qmgr[459]: 861EFDB78: from=<info-fiivzfmnzbotlkgj@mail.my.softbank.com>, size=7709, nrcpt=1 (queue active)
Oct 24 14:18:10 mg1 postfix/smtpd[199672]: disconnect from unknown[43.133.213.179] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 24 14:18:10 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: new mail message-id=<f15eeb094a3dbcd376dd02b2ff179edc@mail.my.softbank.com>#012
Oct 24 14:18:11 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: SA score=7/5 time=0.935 bayes=1.00 autolearn=no autolearn_force=no hits=BAYES_99(3.5),BAYES_999(0.2),FROM_LOCAL_NOVOWEL(0.5),GB_SUBJ25(0.5),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_LAZY_DOMAIN_SECURITY(1),RCVD_IN_BL_SPAMCOP_NET(1.347),RDNS_NONE(0.793),SPF_HELO_NONE(0.001),SPF_NONE(0.001)
Oct 24 14:18:11 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: added disclaimer (rule: External Warning)
Oct 24 14:18:11 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: added disclaimer (rule: External Warning)
Oct 24 14:18:11 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: notify <info-fiivzfmnzbotlkgj@mail.my.softbank.com> (rule: Reject unkown recipient, A1C91E2F2)
Oct 24 14:18:11 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: block mail to <epijoxsanw@aaa.com> (rule: Reject unkown recipient)
Oct 24 14:18:11 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: processing time: 1.049 seconds (0.935, 0.026, 0)
Oct 24 14:18:11 mg1 postfix/lmtp[199675]: 861EFDB78: to=<epijoxsanw@aaa.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.09/0/0.05/1.1, dsn=2.7.0, status=sent (250 2.7.0 BLOCKED (E146653761A2A2D35))
Oct 24 14:18:11 mg1 postfix/qmgr[459]: 861EFDB78: removed

This is the autoreply.

We do not use a 5XX reply.

We use Reject unknown recipient (following these steps).
 
Why not simply use the Verify Receivers setting - it uses SMTP, and is very robust - and usually needs no or very little modifications on the downstream server?

Anyways - The article you linked explicitly configures the action of creating a bounce to the sender - so sending bounces out is what you've configured and this is what PMG does

My recommendation: use 'Verify Receivers'
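
Added example, not part of the original thread: a Python sketch that measures the bounce traffic described above by joining the Postfix queue ID, the pmg-smtp-filter ID and the `notify` lines, so each connecting IP is listed with the recipients it probed and the addresses that received a notification. The first message in the sample is reduced from the log quoted earlier; the other two messages, their IDs and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first message is reduced from the log quoted above;
# the second and third messages (IDs, addresses, 192.0.2.10) are made up.
SAMPLE_LOG = """\
Oct 24 14:18:10 mg1 postfix/smtpd[199672]: 861EFDB78: client=unknown[43.133.213.179]
Oct 24 14:18:11 mg1 pmg-smtp-filter[199284]: E146653761A2A2D35: notify <info-fiivzfmnzbotlkgj@mail.my.softbank.com> (rule: Reject unkown recipient, A1C91E2F2)
Oct 24 14:18:11 mg1 postfix/lmtp[199675]: 861EFDB78: to=<epijoxsanw@aaa.com>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.7.0, status=sent (250 2.7.0 BLOCKED (E146653761A2A2D35))
Oct 24 14:18:40 mg1 postfix/smtpd[199672]: 8A31FDC02: client=unknown[43.133.213.179]
Oct 24 14:18:41 mg1 pmg-smtp-filter[199284]: E146653761B7C4F02: notify <info-xyz@sender.example> (rule: Reject unkown recipient, A1C91E2F2)
Oct 24 14:18:41 mg1 postfix/lmtp[199675]: 8A31FDC02: to=<qwzrtplk@aaa.com>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.7.0, status=sent (250 2.7.0 BLOCKED (E146653761B7C4F02))
Oct 24 14:19:02 mg1 postfix/smtpd[199690]: 7C55A1D90: client=mail.example.net[192.0.2.10]
Oct 24 14:19:03 mg1 postfix/lmtp[199691]: 7C55A1D90: to=<alice@aaa.com>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.5.0, status=sent (250 2.5.0 OK (E146653761C8D5A13))
"""

CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=[^\[]*\[([^\]]+)\]")
NOTIFY = re.compile(r"pmg-smtp-filter\[\d+\]: ([0-9A-F]+): notify <([^>]*)>")
LMTP = re.compile(r"postfix/lmtp\[\d+\]: ([0-9A-F]+): to=<([^>]*)>.*BLOCKED \(([0-9A-F]+)\)")

def backscatter_by_client(log_text):
    """Map each client IP to the bounce targets it caused and the recipients it probed."""
    client_of, notified, blocked = {}, defaultdict(set), []
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            client_of[m[1]] = m[2]        # Postfix queue ID -> connecting IP
        elif m := NOTIFY.search(line):
            notified[m[1]].add(m[2])      # filter ID -> addresses sent a notification
        elif m := LMTP.search(line):
            blocked.append(m.groups())    # (queue ID, recipient, filter ID)
    report = {}
    for qid, rcpt, fid in blocked:
        if fid not in notified:
            continue                      # blocked without a notification: no backscatter
        entry = report.setdefault(client_of.get(qid, "unknown"),
                                  {"bounce_targets": set(), "probed": set()})
        entry["bounce_targets"] |= notified[fid]
        entry["probed"].add(rcpt)
    return {ip: {k: sorted(v) for k, v in e.items()} for ip, e in report.items()}

if __name__ == "__main__":
    print(backscatter_by_client(SAMPLE_LOG))
```

Messages accepted after DATA and then answered with a notification show up here; once recipients are refused at the RCPT TO stage, no queue ID is assigned and this report stays empty for those clients.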
 
Hi,

I tried to set Verify Receivers to 450 or 550.

But it rejects all mail.

Code:
Oct 25 20:02:55 mg postfix/smtpd[271155]: connect from mail-yw1-f173.google.com[209.85.128.173]
Oct 25 20:02:56 mg postfix/smtpd[271155]: NOQUEUE: reject: RCPT from mail-yw1-f173.google.com[209.85.128.173]: 450 4.1.1 <testusr@aaa.com>: Recipient address rejected: unverified address: host 192.168.1.33[192.168.1.33] said: 550 5.1.0 <double-bounce@aaa.com>: Sender address rejected: aaa.com (in reply to RCPT TO command); from=<gmailtest@gmail.com> to=<testusr@aaa.com> proto=ESMTP helo=<mail-yw1-f173.google.com>
Oct 25 20:02:56 mg postfix/smtpd[271155]: disconnect from mail-yw1-f173.google.com[209.85.128.173] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7
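
Added example, not part of the original thread: the reject line above embeds the downstream server's own reply, and this Python sketch separates verification failures where the downstream refused the probed recipient from those where it refused a different address, as in the quoted line, where the reply names `double-bounce@aaa.com`. The first sample line is the reject from the post; the second line and the function names are constructed for illustration.

```python
import re

# First line is the reject quoted in the post above; the second is constructed
# to show a downstream reply that really is about the recipient.
SAMPLE_LOG = """\
Oct 25 20:02:56 mg postfix/smtpd[271155]: NOQUEUE: reject: RCPT from mail-yw1-f173.google.com[209.85.128.173]: 450 4.1.1 <testusr@aaa.com>: Recipient address rejected: unverified address: host 192.168.1.33[192.168.1.33] said: 550 5.1.0 <double-bounce@aaa.com>: Sender address rejected: aaa.com (in reply to RCPT TO command); from=<gmailtest@gmail.com> to=<testusr@aaa.com> proto=ESMTP helo=<mail-yw1-f173.google.com>
Oct 25 20:05:10 mg postfix/smtpd[271160]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.25]: 450 4.1.1 <nosuchuser@aaa.com>: Recipient address rejected: unverified address: host 192.168.1.33[192.168.1.33] said: 550 5.1.1 <nosuchuser@aaa.com>: Recipient address rejected: User unknown (in reply to RCPT TO command); from=<someone@example.net> to=<nosuchuser@aaa.com> proto=ESMTP helo=<mx.example.net>
"""

VERIFY_REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from \S+: \d{3} \S+ <(?P<rcpt>[^>]*)>: "
    r"Recipient address rejected: unverified address: "
    r"host (?P<host>\S+) said: (?P<code>\d{3}) (?P<dsn>\S+) "
    r"<(?P<addr>[^>]*)>: (?P<text>.*?) \(in reply to (?P<stage>.+?) command\)"
)

def classify_verify_rejects(log_text):
    """Return one dict per verification reject, with a 'verdict' field."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_REJECT.search(line)
        if not m:
            continue
        hit = m.groupdict()
        # A probe only says "unknown user" when the downstream reply names the
        # probed recipient. Postfix sends probes with the double-bounce sender
        # by default, so a reply naming that address is about the probe itself.
        same = hit["addr"].lower() == hit["rcpt"].lower()
        hit["verdict"] = "recipient-refused" if same else "probe-refused"
        findings.append(hit)
    return findings

def probe_problems(log_text):
    """Downstream hosts whose replies refuse an address other than the recipient."""
    out = {}
    for hit in classify_verify_rejects(log_text):
        if hit["verdict"] == "probe-refused":
            reply = f"{hit['code']} {hit['dsn']} {hit['text']}"
            out.setdefault(hit["host"], set()).add((hit["addr"], reply))
    return out

if __name__ == "__main__":
    print(probe_problems(SAMPLE_LOG))
```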
 
