Postfix - how to make zimbra respond 550 unknown user rather than bounce?
Bounce emails are polite, but with spam these days, probably 98%+ bounce messages are to bogus addresses because they are spam with forged sender/reply to address.
By default, Zimbra bounces for unknown users which results in the spam message being sent along with the failed delivery message to be sent to whoever had the fortune of having their email address as the forged sender.
Not sure where I read it, but most mail admins will advocate that a better way to handle unknown user is to make postfix reject the email with a '550: Recipient Address Rejected: User unknown in local recipient table'. It is then up to the MTA that originated the connection to Zimra to determine what it should do with the email (spam).
This eliminates a lot of wasted traffic and makes Zimbra a good netizen for not bouncing spam around the internet.
So, my question, how can one configure Zimbra to give a 550 reject rather than a bounce?
In other postfix installations, I was able to do this using the local_recipient_maps setting like so (main.cf):
But this setting doesn't seem to work with default zimbra setup.
# Set this because this causes local postfix to generate a 550 reject
# response to the SMTP server that initiated the connection
# rather than sending a bounce email to a likely bogus address
unknown_local_recipient_reject_code = 550
local_recipient_maps = $virtual_mailbox_maps
Has anybody done this?
Some more info on this and external references
This FAQ says what I'm getting at:
And this README explains about local_recipient_maps:
This got me wondering about how Zimbra postfix config is really working.
For example, there is not local_transport specified in main.cf. I assume it is 'virtual', but I wonder if 'local' is still enabled?
Also, I don't see a mydestination, which seems to be necessary. Is there an implicit or default mydestination somewhere?
I'm hoping a Zimbra employee/postfix guru can explain how this stuff is working. I've used postfix quite a bit before, but I always seem to learn just enough to get it working :rolleyes:
Here is a important reason why bouncing is bad!
I found a document that explains why it is important not to bounce, but rather to reject emails.
Basically, your mail server can find itself on a spam blacklist because of misdirected bounces. Specifically, spammers began using this 'bounce' technique to get around blacklists (sending emails to unknown users in your domain knowing it will bounce to their intended spam destination). As a result, spamcop.net is blacklisting mail servers that produce lots of bounce spam.
I am very curious at the lack of response to this thread... I know that it will be interesting and a really important issue if you find your server is blacklisted!