
Re: Problems blocking "postmaster" alias

  • Victor Duchovni
    Message 1 of 3 , May 31, 2006
      On Wed, May 31, 2006 at 09:51:16AM -0500, Noel Jones wrote:

      > Postmaster is a required address. You shouldn't block mail
      > for postmaster. Otherwise how would people contact you if
      > there is a problem with your mail system?
      > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#limitations

      Specifically, what this text:

      By default, Postfix probe messages have "postmaster@$myorigin" as
      the sender address. This is SAFE because the Postfix SMTP server
      does not reject mail for this address.

      You can change this into the null address ("address_verify_sender
      ="). This is UNSAFE because address probes will fail with
      mis-configured sites that reject MAIL FROM: <>, while probes from
      "postmaster@$myorigin" would succeed.

      hints at, but does not spell out, (unless you follow the link to
      http://www.postfix.org/postconf.5.html#address_verify_sender) is:

      The sender address to use in address verification probes. To avoid
      problems with address probes that are sent in response to address
      probes, the Postfix SMTP server excludes the probe sender address
      from all SMTPD access blocks.

      Specify an empty value (address_verify_sender =) or <> if you want to
      use the null sender address. Beware, some sites reject mail from <>,
      even though RFCs require that such addresses be accepted.

      so if (as most users) you don't do sender address verification, you
      can safely use the null (<>) address verification sender and filter
      postmaster@$myorigin. Note, you should filter postmaster (and <abuse>)
      mail sparingly if at all. Also, the less frequently spammed, unqualified
      <postmaster> address remains whitelisted (at the "RCPT TO" stage) and
      cannot be filtered (the message is still filtered by data restrictions,
      and header and body checks, as well as any "undelayed" SMTP server
      restrictions, see http://www.postfix.org/postconf.5.html#smtpd_delay_reject).

      --
      Viktor.

      P.S. Morgan Stanley is looking for a New York City based, Senior Unix
      system/email administrator to architect and sustain the Unix email
      environment. If you are interested, please drop me a note.

      Disclaimer: off-list followups get on-list replies or get ignored.
      Please do not ignore the "Reply-To" header.

      To unsubscribe from the postfix-users list, visit
      http://www.postfix.org/lists.html or click the link below:
      <mailto:majordomo@...?body=unsubscribe%20postfix-users>

      If my response solves your problem, the best way to thank me is to not
      send an "it worked, thanks" follow-up. If you must respond, please put
      "It worked, thanks" in the "Subject" so I can delete these quickly.
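The interaction described in the message above can be checked mechanically. The following is an added example, not part of the original post and not Postfix code: a small audit of main.cf-style text that reports whether the probe sender keeps postmaster out of SMTPD access blocks and whether null-sender probes are combined with sender verification. The function names, result keys and sample configurations are constructed for illustration, and the default probe sender is assumed to be the one quoted from the README.

```python
import re

# Default probe sender as quoted from the README in the message above
# (assumption: your release matches; confirm with `postconf -d address_verify_sender`).
DEFAULT_PROBE_SENDER = "postmaster"

def parse_main_cf(text):
    """Parse main.cf-style text: comments, 'name = value', indented continuations."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name is not None:
            params[name] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def audit(text):
    """Report how the probe sender setting interacts with postmaster filtering."""
    params = parse_main_cf(text)
    probe = params.get("address_verify_sender", DEFAULT_PROBE_SENDER)
    null_probe = probe in ("", "<>")
    # Heuristic: only the local part is compared; $myorigin is not expanded.
    local = probe.strip("<>").split("@")[0].lower()
    tokens = set()
    for key, value in params.items():
        if key.startswith("smtpd_") and key.endswith("_restrictions"):
            tokens.update(re.split(r"[\s,]+", value))
    return {
        "probe_sender": "<>" if null_probe else probe,
        # The probe sender is excluded from all SMTPD access blocks.
        "postmaster_exempt_from_access": local == "postmaster",
        # Null-sender probes fail at sites that reject MAIL FROM:<>.
        "null_probes_with_sender_verify": null_probe and "reject_unverified_sender" in tokens,
    }

# Constructed sample configurations (not taken from the thread).
SAMPLE_DEFAULT = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_recipient_access hash:/etc/postfix/rcpt_access,
    reject_unauth_destination
"""
SAMPLE_NULL = SAMPLE_DEFAULT + """\
address_verify_sender = <>
smtpd_sender_restrictions = reject_unverified_sender
"""
```

With `SAMPLE_DEFAULT` the audit reports that an access-table entry for postmaster@$myorigin would be bypassed; with `SAMPLE_NULL` it reports that the entry can take effect but that sender probes now depend on remote sites accepting the null sender.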