[svlug] Postfix and remote email...
Michael Robinson
plug_1 at robinson-west.com
Sat Dec 27 16:05:18 PST 2014
I'm using stock Postfix 2.6.6 on my relays and the hub.
I'm using luser_relay on my mail hub now, if someone manages to target
a non-existent local recipient I'll get to see the message and examine
it closely.
What about messages destined for remote recipients?
I'm fairly certain that my mail hub will not accept email directly from
SMTP servers out on the Internet, or bots for that matter. My relays
right now might be able to accept email with forged source addresses.
I'm pretty sure that my relays restrict email they'll deliver to the
hub to a list of valid relay recipients at my domain. To test whether my
mail hub can provide service to Internet clients, I've used telnet from
Eskimo to port 25 on my mail hub's outside IP address. Doesn't connect
at all.
I don't want to bounce the body of emails when I bounce.
Maybe I need to check my mail relays to verify that they won't relay
messages to arbitrary domains. I don't think they will, but if they
try and bounce on failure via the hub, that might explain why my hub
occasionally plugs up its queue with MAILER-DAEMON messages for
messages not sourced from my domain and not destined to my domain.
I don't want to contribute to the Internet's backscatter email
problem.
I think there is an abuse vector that works like this:
Attacker forges the source address with intent to have the message
go to that source.
My relay receives the message and bounces it because the recipient
is invalid.
My mail hub does the bouncing and someone gets spammed.
How do I close this abuse vector? Perhaps I can detect a forged sender
and deny service at the relay? Is there a way to reprogram the hub so
that it never informs a remote sender that they can't reach a domain
it doesn't serve anyways? The hub should never inform foo@bar.com that
a message cannot reach foo2@bar2.com where bar.com and bar2.com are not
domains that I serve. Worse, foo@bar.com may not be the true source of
the message which is probably spam.
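The check the post is asking for is whether a relay refuses bad recipients at RCPT TO time (so nothing is ever queued and nothing is ever bounced) or accepts them and leaves the hub to generate a bounce to a forged sender. The script below is an added example, not the poster's configuration or anything from the Postfix project: it speaks SMTP only as far as RCPT TO, never sends DATA, and classifies the replies. The host, HELO name, sender and recipient addresses are assumptions; the two sample reply sets are constructed to look like a correctly restricted Postfix relay and an open one.

```python
"""Probe an SMTP relay at RCPT TO time and flag recipients it accepts but
should have refused; those are the messages that would later be bounced to a
(possibly forged) sender, i.e. backscatter.  Added example with assumed names.
"""
import smtplib
from dataclasses import dataclass

# Assumed addresses.  The sender is the address a bounce would be sent to.
FORGED_SENDER = "foo@bar.com"
PROBES = {
    "external_relay": "foo2@bar2.com",           # neither domain is ours
    "unknown_local":  "nosuchuser@example.org",  # our domain, invalid user
    "valid_local":    "postmaster@example.org",  # our domain, valid user
}
# Whether a correctly configured relay may accept each probe at RCPT TO.
POLICY = {"external_relay": False, "unknown_local": False, "valid_local": True}

# Constructed reply sets in the shape probe_relay() returns: {probe: (rcpt, code, text)}.
RESTRICTED_RELAY_SAMPLE = {
    "external_relay": ("foo2@bar2.com", 554, "5.7.1 <foo2@bar2.com>: Relay access denied"),
    "unknown_local":  ("nosuchuser@example.org", 550,
                       "5.1.1 <nosuchuser@example.org>: Recipient address rejected: "
                       "User unknown in relay recipient table"),
    "valid_local":    ("postmaster@example.org", 250, "2.1.5 Ok"),
}
OPEN_RELAY_SAMPLE = {
    "external_relay": ("foo2@bar2.com", 250, "2.1.5 Ok"),
    "unknown_local":  ("nosuchuser@example.org", 250, "2.1.5 Ok"),
    "valid_local":    ("postmaster@example.org", 250, "2.1.5 Ok"),
}


@dataclass
class Finding:
    probe: str
    recipient: str
    code: int
    reply: str
    accepted: bool          # 2xx at RCPT TO: the relay would queue the message
    backscatter_risk: bool  # accepted although policy says it should be refused


def audit(results, policy=POLICY):
    """Classify RCPT TO replies.  A 2xx for a recipient the policy forbids means
    the relay accepts now and can only bounce later, to whatever MAIL FROM said."""
    findings = []
    for name, (rcpt, code, text) in results.items():
        accepted = 200 <= code < 300
        findings.append(Finding(name, rcpt, code, text, accepted,
                                accepted and not policy[name]))
    return findings


def has_backscatter_risk(findings):
    return any(f.backscatter_risk for f in findings)


def probe_relay(host, port=25, helo="probe.example.net", sender=FORGED_SENDER,
                probes=PROBES, timeout=15):
    """Run the probes against a live relay.  Only MAIL FROM / RCPT TO / RSET are
    sent, so no message is ever accepted into a queue.  Run it from a network
    that is not in the relay's mynetworks, or the result says nothing."""
    results = {}
    with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as s:
        for name, rcpt in probes.items():
            code, msg = s.mail(sender)
            if code != 250:
                raise RuntimeError(f"MAIL FROM refused: {code} {msg.decode(errors='replace')}")
            code, msg = s.rcpt(rcpt)
            results[name] = (rcpt, code, msg.decode(errors="replace"))
            s.rset()  # drop the envelope before the next probe
    return results


if __name__ == "__main__":
    for label, sample in (("restricted relay", RESTRICTED_RELAY_SAMPLE),
                          ("open relay", OPEN_RELAY_SAMPLE)):
        print(f"== {label} ==")
        for f in audit(sample):
            flag = "BACKSCATTER RISK" if f.backscatter_risk else "ok"
            print(f"{f.probe:15} {f.code} {f.reply[:50]:50} {flag}")
```

To get the restricted behaviour on the relays themselves, the Postfix settings involved are `relay_domains` (the domains the relay accepts for the hub), `relay_recipient_maps` (the valid addresses in those domains, so "User unknown in relay recipient table" is returned at RCPT TO rather than after the hub bounces), and `smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination`, which refuses relaying to any other domain with "Relay access denied". One caveat on the hub side: the Postfix documentation notes that luser_relay only catches every unknown address if `local_recipient_maps` is set to the empty value; otherwise the SMTP server rejects unknown local users before luser_relay sees them, which is fine for backscatter but means those messages are never seen.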