Tuesday, March 24, 2015

backscatter due to loopback mx

After quite a lot of trial and error in our dev environment, googling and spending some hours in the #postfix IRC channel, I came up with the following solution:


Add the following to your smtpd_recipient_restrictions in main.cf:

vi /etc/postfix/main.cf

[...]
smtpd_recipient_restrictions =
    check_recipient_mx_access cidr:/etc/postfix/recipient_mx_access.cidr

Create the file that contains your rejected bogus MX records:

vi /etc/postfix/recipient_mx_access.cidr

0.0.0.0/8 REJECT Domain MX in broadcast network

10.0.0.0/8 REJECT Domain MX in RFC 1918 private network

127.0.0.0/8 REJECT Domain MX in loopback network

169.254.0.0/16 REJECT Domain MX in link local network

172.16.0.0/12 REJECT Domain MX in RFC 1918 private network

192.0.2.0/24 REJECT Domain MX in TEST-NET-1 network

192.168.0.0/16 REJECT Domain MX in RFC 1918 private network

198.51.100.0/24 REJECT Domain MX in TEST-NET-2 network

203.0.113.0/24 REJECT Domain MX in TEST-NET-3 network

224.0.0.0/4 REJECT Domain MX in class D multicast network

240.0.0.0/5 REJECT Domain MX in class E reserved network

248.0.0.0/5 REJECT Domain MX in reserved network


::1/128 REJECT Domain MX is Loopback address

::/128 REJECT Domain MX is Unspecified address

::/96 REJECT Domain MX in IPv4-Compatible IPv6

ff00::/8 REJECT Domain MX in Multicast network

fe80::/10 REJECT Domain MX in Link-local unicast network

fec0::/10 REJECT Domain MX in Site-local unicast network

Last but not least, restart Postfix:

service postfix restart
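To see what the table will do to a given MX address before relying on it, here is an added example (not part of the original post) that parses a cidr-style table and applies it with first-match-wins ordering, the way Postfix searches cidr tables. The table is a constructed subset of the one above, and the MX names and addresses are constructed sample data; no DNS lookups are made.

```python
import ipaddress

# Constructed subset of the table from this post, in the same order.
TABLE = """\
10.0.0.0/8   REJECT Domain MX in RFC 1918 private network
127.0.0.0/8  REJECT Domain MX in loopback network
::1/128      REJECT Domain MX is Loopback address
::/128       REJECT Domain MX is Unspecified address
::/96        REJECT Domain MX in IPv4-Compatible IPv6
fe80::/10    REJECT Domain MX in Link-local unicast network
"""

def parse_cidr_table(text):
    """Return [(network, action)] in file order, skipping blanks and # comments."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            pattern, action = line.split(None, 1)
            # strict=True rejects host bits set in the network (e.g. 10.0.0.1/8)
            net = ipaddress.ip_network(pattern, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {line!r}: {exc}") from exc
        rules.append((net, action))
    return rules

def lookup(rules, address):
    """Return the action of the first rule containing address, else None."""
    addr = ipaddress.ip_address(address)
    for net, action in rules:
        if addr in net:  # False when IPv4/IPv6 versions differ
            return action
    return None

def check_mx(rules, mx_hosts):
    """mx_hosts: {mx_name: [addresses]}. Return {mx_name: action} for rejected MX hosts."""
    hits = {}
    for name, addrs in mx_hosts.items():
        for a in addrs:
            action = lookup(rules, a)
            if action:
                hits[name] = action
                break
    return hits

if __name__ == "__main__":
    # Constructed resolution results; no DNS lookups are made.
    sample = {"mx.good.example": ["8.8.8.8"], "mx.loop.example": ["127.0.0.1", "::1"]}
    print(check_mx(parse_cidr_table(TABLE), sample))
```

Because the first match wins, `::1` reports the loopback message rather than the broader `::/96` one; keep the more specific IPv6 entries above `::/96` if you reorder the file.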







from lizard's ghost http://ift.tt/1HuToh0
