backscatter antispam

[maumar]

i read on Backscatterer.org powered by UCEPROTECT
that i need to use 550 as return code for unknown user
zimbra use 450 as postifx default

Postfix Configuration Parameters
"unverified_recipient_reject_code (default: 450)
The numerical Postfix SMTP server response when a recipient address is rejected by the reject_unverified_recipient restriction.
Unlike elsewhere in Postfix, you can specify 250 in order to accept the address anyway.
Do not change this unless you have a complete understanding of RFC 821. "

do u suggest me to change it?
what your opinion?
which files should i change?
./zimbra/postfix-2.2.9/conf/main.cf.default
./zimbra/postfix-2.2.9/conf/main.cf

TIA

[phoenix]

You can modify zmmta.cf and change smtpd_reject_unlisted_recipient from 'no' to 'yes' then restart postfix, that will reject them. You will need to make that change every time you upgrade Zimbra as that setting does not persist.

[maumar]

You can modify zmmta.cf and change smtpd_reject_unlisted_recipient from 'no' to 'yes' then restart postfix, that will reject them. You will need to make that change every time you upgrade Zimbra as that setting does not persist.

i have a mailgw on front of zimbra, and when it does try to deliver to a unknown zimbra account, zimbra reply with 450
so mailq into mailgw does show:

6B29A37E73 7969 Thu Oct 4 10:20:08 newsletter@finanza.com
(host 85.18.70.164[85.18.70.164] said: 450 <xxxx@fbs.it>: Recipient address rejected: undeliverable address: fbs.it (in reply to RCPT TO command))

if zimbra could reply 550, mailgw would not queue 450 reply
definitly better, imho

do u suggest to let 450 or to change it into 550?
where i can change it?

[mmorse]

unknown_local_recipient_reject_code = 550

[maumar]

unknown_local_recipient_reject_code = 550

true, i should use
unknown_local_recipient_reject_code
instead of
unverified_recipient_reject_code
so only mail incoming (and not outgoing) get this code

thnx ....and, btw, where should i add it:
/opt/zimbra/postfix-2.2.9/conf/main.cf.default
/opt/zimbra/postfix-2.2.9/conf/main.cf
/opt/zimbra/conf/zmmta.cf
TIA

[mmorse]

zmmta should be fine
-though you could upgrade to 4.5.7 first so you don't have to do this all over again

unverified takes on different meanings in smtpd_recipient_restrictions & smtpd_sender_restrictions - and people tend to forget to list which their using if for when they talk about it....

+ many people confuse smtpd_reject_unlisted_recipient (as you set above) vs smtpd_reject_unlisted_sender

The 450 vs 550 thing-because of a few remaining limitations, the postfix versions have gone back and forth on setting it to 550 by default with varying arguments for different RFC's & tolerances, especially when multi-MTA setups come into play.

The best situation would be to put an access list on that gateway.
-Of course I don't know how easy that is for you (If it's even possible on that gateway & if it's too much work to sync vs manually write changes. etc).

I would suggest you try 550 on unlisted/unknown first. If that doesn't solve it, then unverified when you are confident in your address mappings (& of course when you can monitoring closely).

As you can see both deal with mail from & rcpt to so it's confusing to most people:

reject_unlisted_recipient rejects the request when the RCPT TO address is not listed in the list of valid recipients for its domain class.
ties into unknown_local_recipient_reject_code parameter

reject_unverified_recipient rejects the request when mail to the RCPT TO address is known to bounce, or when the recipient address destination is not reachable. Address verification information is managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details.
ties into the unverified_recipient_reject_code parameter (default: 450, change into 550 when you are confident that it is safe to do so).

[gvocom]

This is very interesting I would like to know what other option in postfix there are with zimbra that will allow a more granular control over reject and bounce codes. I have a lot of weirdness with this zimbra installation as a former exim guru, for some reason I cannot seem to stop the backscatter and am nowe black listed beause of it.