(Adapted from: <https://docs.directadmin.com/other-hosting-services/preventing-spam/outgoing-spam.html#why-forwarders-to-external-mailservers-can-be-dangerous-for-your-server>)
Why forwarders to external mailservers can be dangerous for your server
It's not uncommon for clients to want to forward mail from their own domain to an external email address, Gmail for example.
The path of an email sent to the user@domain.com forwarder would be:
Sender -> CWP box: user@domain.com -> External: user@gmail.com
This will work fine, until spam comes into the picture.
The issue with spam is that, if the proper blocks are not in place, your CWP box will happily relay spam to Gmail, which could then cause Gmail to think that the spam is originating from your CWP box, thus getting your IP blacklisted even though the spam came from somewhere else.
Another issue is that, if Gmail then determines that the message is spam, it may be denied at the Gmail server, which returns it to your CWP box to deal with. Since the sender is not from the CWP box, and the final recipient is Gmail (which was denied), Postfix tries to send it back to the original "sender", which with spam is almost always fake/spoofed.
This causes "backscatter", where Postfix is trying to return a message to an address that was not the actual sender. This backscatter is another potential way to get your IP blacklisted.
Solutions:
- Avoid forwarders to external domains whenever possible (it is usually hard to convince users of this).
- For Gmail, as an example, have Gmail pull your POP emails to Gmail, rather than you pushing them via forwarders. See this guide for more info.
- Ensure SpamAssassin is enabled, and set it to drop spam or send to spambox (do not use "deliver to inbox"). At a minimum, use "drop high scoring spam".
- Block bounces from leaving.
- RBL blocking is a robust way of blocking spam before Postfix even sees the message (realtime IP-based block). Some consider RBL blocking too strict, in that it may block entire ISP ranges (users caught by such a block can send on port 587 with smtp-auth, instead of port 25).
Regards,
Netino
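
Added example (not part of the original post or the DirectAdmin guide): a small Python check that reads Postfix log lines and reports the backscatter pattern described above, where a forwarded message is rejected by the external server and Postfix then sends a bounce to a non-local "sender". The log lines are constructed samples in standard Postfix syslog format; `LOCAL_DOMAINS`, short hex queue IDs and one recipient per message are assumptions.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"domain.com"}  # assumption: domains hosted on this server
# Constructed sample lines in Postfix syslog format (not real traffic).
SAMPLE_LOG = """\
Jan 10 10:00:01 cwp postfix/qmgr[125]: 4A1B2C3D4E: from=<promo@spoofed.example>, size=1834, nrcpt=1 (queue active)
Jan 10 10:00:02 cwp postfix/smtp[126]: 4A1B2C3D4E: to=<user@gmail.com>, orig_to=<user@domain.com>, relay=gmail-smtp-in.l.google.com[192.0.2.10]:25, delay=1.2, dsn=5.7.1, status=bounced (host said: 550-5.7.1 message rejected as spam)
Jan 10 10:00:02 cwp postfix/bounce[127]: 4A1B2C3D4E: sender non-delivery notification: 5F6A7B8C9D
Jan 10 10:00:02 cwp postfix/qmgr[125]: 5F6A7B8C9D: from=<>, size=3921, nrcpt=1 (queue active)
Jan 10 10:00:04 cwp postfix/smtp[128]: 5F6A7B8C9D: to=<promo@spoofed.example>, relay=mx.spoofed.example[198.51.100.7]:25, delay=1.9, dsn=2.0.0, status=sent (250 ok)
Jan 10 10:05:00 cwp postfix/qmgr[125]: 6E7F8A9B0C: from=<friend@example.org>, size=900, nrcpt=1 (queue active)
Jan 10 10:05:01 cwp postfix/smtp[129]: 6E7F8A9B0C: to=<user@gmail.com>, orig_to=<user@domain.com>, relay=gmail-smtp-in.l.google.com[192.0.2.10]:25, delay=0.8, dsn=2.0.0, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)")
ADDR = re.compile(r"\b(from|to|orig_to)=<([^>]*)>")
NDR = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def find_backscatter(log_text, local_domains=LOCAL_DOMAINS):
    msgs, ndr_of = defaultdict(dict), {}  # fields per queue id; bounce id -> original id
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        msgs[qid].update(ADDR.findall(rest))
        status = re.search(r"status=(\w+)", rest)
        if status:
            msgs[qid]["status"] = status.group(1)
        ndr = NDR.search(rest)
        if ndr:
            ndr_of[ndr.group(1)] = qid
    findings = []
    for ndr_id, orig_id in ndr_of.items():
        orig, bounce_to = msgs[orig_id], msgs[ndr_id].get("to", "")
        # orig_to= present means the recipient was rewritten, i.e. a forwarder fired
        forwarded_out = "orig_to" in orig and domain(orig.get("to", "")) not in local_domains
        if (forwarded_out and orig.get("status") == "bounced"
                and bounce_to and domain(bounce_to) not in local_domains):
            findings.append({"forwarder": orig["orig_to"], "external": orig["to"],
                             "bounce_to": bounce_to, "queue_ids": (orig_id, ndr_id)})
    return findings

if __name__ == "__main__":
    for f in find_backscatter(SAMPLE_LOG):
        print(f)
```

Forwarders that show up repeatedly in the output are the ones to move to POP fetching or to put behind stricter spam filtering first.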