Hi,
I'm receiving certain backscatter mail (ie, mail sent by postmasters,
consisting of rejecting a mail with possible virus to the claimed
originator, which in the case of virus, can be faked, and thus are
possibly innocent). In this case, the bounce I get includes the full viral
load, which is a nuisance - and no, amavis-new does not detect it.
The problem is the "from":
Return-Path: <>
From: Mail Delivery System
I understand that the envelope-from is empty (!). See the log excerpt:
Nov 26 23:57:25 nimrodel fetchmail[14958]: SMTP> MAIL FROM: <> SIZE=33229
Nov 26 23:57:25 nimrodel fetchmail[14958]: SMTP< 250 Ok
Nov 26 23:57:25 nimrodel fetchmail[14958]: SMTP> RCPT TO:
Nov 26 23:57:25 nimrodel postfix/smtpd[14970]: 11CBE20C4D: client=localhost[127.0.0.1]
Nov 26 23:57:25 nimrodel fetchmail[14958]: SMTP< 250 Ok
Nov 26 23:57:25 nimrodel fetchmail[14958]: SMTP> DATA
Nov 26 23:57:25 nimrodel fetchmail[14958]: SMTP< 354 End data with <CR><LF>.<CR><LF>
Nov 26 23:57:25 nimrodel postfix/cleanup[14973]: 11CBE20C4D: message-id=
I have this rule in '/etc/postfix/access', which works for many others
similar emails:
mailer-daemon@mx.mixmail.com REJECT Blocking backscatter mail from virus scanners
but it doesn't trigger in this case :-(
Ideas?
Perhaps the problem could be that postfix is not checking the sender
address for existence :-?
That would be:
smtpd_sender_restrictions = hash:/etc/postfix/access,reject_unknown_sender_domain
But that would cause a dns check for every mail, I suppose. What about
reject_non_fqdn_sender?
--
Cheers,
Carlos Robinson