Loading ...
Sorry, an error occurred while loading the content.

293527Re: Challenges of an internal relay server

Expand Messages
  • Jeroen Geilman
    Jun 1, 2013
    • 0 Attachment
      On 05/31/2013 10:53 PM, Jason Price wrote:
      Background:  Internal Mail Relay server.  Connections from the internet are not possible.  The vast majority of messages are going to Google Apps.

      Problem one: How to properly 'blacklist' certain To: addresses.

      With a blacklist in the form of a check_recipient_access map:

      http://www.postfix.org/access.5.html

       I am currently using:

      header_checks = pcre:/etc/postfix/header_checks

      Don't do this. Headers are trivially forged, and should never be used to make routing decisions.

          /^To: etloc@.../                                DISCARD

      Even worse; now your users won't know the mail was destroyed.

      Since it's all internal, sending them a bounce or reject is perfectly fine.

      With an access(5) map, their client will instantly tell them it failed, so they can correct it.

      -- 
      J.
      
    • Show all 9 messages in this topic