Summary: The default virtualmin postfix config causes backscatter spam and a solution is needed. None of the solutions I tried worked. My IP address was recently blacklisted at backscatterer.org. Usually this is because mail to non-existent users (such as typo@mydomain) is bouncing back to fictitious senders instead of being rejected or discarded, but Virtualmin configures that pretty well. In my case, incoming spam was being forwarded to a third party which rejected it immediately and my postfix server tried to inform the fictitious senders with a bounce message that seemed to come from me. This is bad and I’m surprised postfix (and virtualmin) is configured like this by default.
The possible solutions I can see are:
Use spamassassin to reject incoming spam before it is forwarded. I don’t like this because I don't store mail, I only forward it and spamassassin can cause false positives and false negatives. (I did nevertheless try enabling spamassassin but with disastrous results, see separate thread.)
Check that the third party server will accept forwarded mail before completing the incoming transfer. Postfix can be configured to do this as described in www.postfix.org/ADDRESS_VERIFICATION_README.html but it slows things down and has limitations.
Filter out third-party bounces and discard them as described in http://taint.org/2007/05/30/164456a.html. This looks promising but I couldn't get it to work, even with a bounce message that contained the correct trigger. Perhaps something's wrong with the regex or with header filtering?
Use spamassassin to filter out the third-party bounces. This has other benefits as described at http://taint.org/2007/05/30/164456a.html so I tried enabling spamassassin including the “Virus-bounce ruleset”. I couldn't get that to work either.
Configure postfix to prevent it sending to any address that’s not on a white list of “forward to” addresses. That would prevent mailing lists working and would require a lot of maintenance so I haven't tried it.
Has anyone found a solution that works? I've googled extensively and spent hours on this without success.