Undelivered mail returned to sender, coming in by the hundreds. Help stopping?

Allright, so I've run into a bit of a war with the spambots.. they're always out to get me.. As the title suggests, I'm getting a lot of bounced emails.. lots. I've tried a few methods of controlling this, but I'm still getting them, and I have no idea how to stop it at this point, aside from disabling an e-mail address and/or shutting down my mail service.. As of tonight, I'm getting them by the dozens every minute, and resorted to shutting it all down until I can find a solution..

So any help anyone's willing to volunteer, will make me very happy lol.

  • I'll attach an example e-mail last, to save your eyes.

Steps I've taken so far. (Involved a lot of net searching and tweaks too numerous to recall.. none of which worked.)

1) Blocking by IP.
(https://ethitter.com/2016/03/blocking-sender-ips-in-postfix/)
Got that from this address, followed the steps.. still getting undelivered's.

That involved setting up a client_checks file, postmapping it, and adding IP's to block to a list.

2) Same thing different guy.
(https://serverfault.com/questions/638254/postfix-receiving-many-undelivered-mail-returned-to-sender)
That one seemed to work for about a week, but no more.. Same principle, different syntax.

3) Policy banks, I've attempted to block by domain.. no go.

4) Disabled php related phpadmin stuff.

5) Frequent rotation of passwords.

6) Changed configured ports to a different port, which did no good.

At this stage, I'm wondering if they're not somehow coming locally.. I'm not educated enough in the matter to know what to look for, or what actions I can/should take if that is the case.. My server has very little activity otherwise. It's mainly for my own e-mail and a light game server.

As promised, an example mail.

-------------------------- Lines to note email beginning

This is the mail system at host redacted.redacted.com

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

               The mail system

zsaxer66@web.de: host mx-ha03.web.de[212.227.15.17] said: 550 Requested
action not taken: mailbox unavailable (in reply to RCPT TO command)

Reporting-MTA: dns; redacted.redacted.com
X-Postfix-Queue-ID: 1CFE621F89
X-Postfix-Sender: rfc822; admunsterator@redacted.com
Arrival-Date: Thu, 4 Apr 2019 17:22:08 -0500 (CDT)

Final-Recipient: rfc822; zsaxer66@web.de
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx-ha03.web.de
Diagnostic-Code: smtp; 550 Requested action not taken: mailbox unavailable

Copy of: Hey süß.eml
Subject:
Copy of: Hey süß
From:
No Net For You admunsterator@redacted.com
Date:
4/4/2019, 5:22 PM
To:
zsaxer66@web.de
Return-Path:
admunsterator@redacted.com
Received:
from localhost (localhost [127.0.0.1]) by Redacted.redacted.com (Postfix) with ESMTP id 1CFE621F89 for zsaxer66@web.de; Thu, 4 Apr 2019 17:22:08 -0500 (CDT)
X-Virus-Scanned:
Debian amavisd-new at
Received:
from redacted.redacted.com ([127.0.0.1]) by localhost (mail.redcated.com --fqdn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jyKkFpH7ocNL for zsaxer66@web.de; Thu, 4 Apr 2019 17:22:07 -0500 (CDT)
Received:
from redacted.com (localhost [127.0.0.1]) by redacted.r.c (Postfix) with ESMTPS id 0FB3221F8F for zsaxer66@web.de; Thu, 4 Apr 2019 17:22:07 -0500 (CDT)
Reply-To:
zsaxer66 zsaxer66@web.de
Message-ID:
830556e1c4b2ee8dd112f7eebc2d3509@redacted.com
MIME-Version:
1.0
Content-Type:
text/plain; charset=utf-8
Content-Transfer-Encoding:
8bit

This is a copy of the following message you sent to Your Name via No Net For You

This is an enquiry email via http://redacted.com/ from:
zsaxer66 zsaxer66@web.de

Erkenne mich? Du hast gesagt, dass ich sehr schön bin. Möchten Sie sich kennenlernen? Schau mich an - https://drive.google.com/open?id=1cGW9_uB5pEqZ6IlZUEm-X5CYXVo0YqCU

--------------------------- End mail example

--------------------------- Main.cf
Sorry it's ugly, I tried to pretty it up a bit, and removed a lot of commented out stuff.

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

appending .domain is the MUA's job.

append_dot_mydomain = no

readme_directory = no

Sh I added

smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname,

Sh that was with the sh

smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes

Enabling SMTP for authenticated users, and handing off authentication to Dovecot

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

added sender restric

smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname,
reject_unknown_sender_domain,

smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,

Added this sh

    check_client_access regexp:/etc/postfix/blacklist_clients,
check_client_access cidr:/etc/postfix/client_checks,
    reject_rbl_client zen.spamhaus.org,
reject_rbl_client dnsbl.sorbs.net,
permit,

myhostname = Redacted
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

Handing off local delivery to Dovecot's LMTP, and telling it where to store mail

virtual_transport = lmtp:unix:private/dovecot-lmtp

Virtual domains, users, and aliases

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

Additional option for filtering

content_filter = smtp-amavis:[127.0.0.1]:10024

1 Reply

Issue seems to be resolved..

for anyone else in the same boat, adding this to the main.cf SEEMS to have resolved the issue for now.

-o smtpd_reject_unlisted_recipient=yes

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct