Hey, reviving an old thread here, because some form of the never-applied mail-receiver patch did eventually make it into revision control, and as things bitrot over time, my patched container stopped working at some point.
I blew away my mail-receiver container, set up a fresh container and API key, and I have incoming mail working on my Discourse instance again…but the system seems to be backscattering rejected mail like it’s 2017 again.
Sure enough, these rejection replies both came back to my inbox, even though the BadDestinationAddress one should have been rejected at the SMTP level before being sent on to Discourse for further processing and a reply email. If a spammer hits this server with a bogus email address, this would generate backscatter.
Talking directly to the SMTP server, I can see it doesn’t make any attempt to reject bogus emails.
root@discourse:/var/discourse# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ESMTP server
HELO sdfsdfsdf
250 discourse-mail-receiver.localdomain
MAIL FROM: sdfsdf@example.com
250 2.1.0 Ok
RCPT TO: sdfsdfsdf@discourse.libsdl.org
250 2.1.5 Ok
…all this to say: I can see the default mail-receiver image has a fast-rejection script hooked up, but it doesn’t seem to be rejecting things…?
/etc/postfix/master.cf:
policy unix - n n - - spawn user=nobody
argv=/usr/local/bin/discourse-smtp-fast-rejection
/etc/postfix/main.cf:
smtpd_recipient_restrictions = check_policy_service unix:private/policy
Is there something I need to tweak to make this work, or is there some way to dig deeper into why it isn’t working? Is it working for other people?
Thanks!