On Wed, May 31, 2006 at 09:51:16AM -0500, Noel Jones wrote:
> Postmaster is a required address. You shouldn't block mail
> for postmaster. Otherwise how would people contact you if
> there is a problem with your mail system?
Specifically, what this text:
By default, Postfix probe messages have "postmaster@$myorigin" as
the sender address. This is SAFE because the Postfix SMTP server
does not reject mail for this address.
You can change this into the null address ("address_verify_sender
="). This is UNSAFE because address probes will fail with
mis-configured sites that reject MAIL FROM: <>, while probes from
"postmaster@$myorigin" would succeed.
hints at, but does not spell out, (unless you follow the link to
The sender address to use in address verification probes. To avoid
problems with address probes that are sent in response to address
probes, the Postfix SMTP server excludes the probe sender address
from all SMTPD access blocks.
Specify an empty value (address_verify_sender =) or <> if you want to
use the null sender address. Beware, some sites reject mail from <>,
even though RFCs require that such addresses be accepted.
so if (as most users) you don't do sender address verification, you
can safely use the null (<>) address verification sender and filter
postmaster@$myorigin. Note, you should filter postmaster (and <abuse>)
mail sparingly if at all. Also, the less frequently spammed, unqualified
<postmaster> address remains whitelisted (at the "RCPT TO" stage) and
cannot be filtered (the message is still filtered by data restrictions,
and header and body checks, as well as any "undelayed" SMTP server
restrictions, see http://www.postfix.org/postconf.5.html#smtpd_delay_reject)
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain the Unix email
environment. If you are interested, please drop me a note.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
or click the link below:
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.