
Re: Accept mail for postmaseter, abuse while denying else

  • Benny Pedersen
    Message 1 of 7 , Nov 1, 2007
      On Thu, November 1, 2007 12:27, Andrew Long wrote:
      > I now have this server pretty much denying everything except relay for a
      > (relay-ip) list of sites. My problem is that the server is apparently
      > rejecting mail for <postmaster@...> and likely for <abuse@> also.
      > How can I accept mail for these local users while denying all else?
      >
      > # 2007-11-01 - postconf -n
      > alias_maps = hash:/etc/aliases

      make sure abuse and postmaster are in aliases

      i hope :)

      postmap -q abuse hash:/etc/aliases

      --
    • Benny Pedersen
      Message 2 of 7 , Nov 1, 2007
        On Thu, November 1, 2007 13:01, mouss wrote:
        > reject_unauth_destination
        > check_recipient_access hash:/etc/postfix/roleaccount
        >
        > # cat roleaccount
        > postmaster@... OK
        > abuse@... OK
        > # postmap roleaccount

        sed -i -e s:OK:PERMIT_AUTH_DESTINATION:g /etc/postfix/roleaccount

        I personally just add them to aliases, will work for multiple hosted domains
        then as well, just in case one forgets to add them as virtual_alias

        sendmail -bv postmaster@localhost

        --
      • mouss
        Message 3 of 7 , Nov 1, 2007
          Benny Pedersen wrote:
          > On Thu, November 1, 2007 13:01, mouss wrote:
          >> reject_unauth_destination
          >> check_recipient_access hash:/etc/postfix/roleaccount
          >>
          >> # cat roleaccount
          >> postmaster@... OK
          >> abuse@... OK
          >> # postmap roleaccount
          >
          > sed -i -e s:OK:PERMIT_AUTH_DESTINATION:g /etc/postfix/roleaccount

          that may be a taste question. I prefer reject_unauth_destination before,
          and not having to use "special" actions.

          >
          > I personally just add them to aliases,


          Look again at the end of his smtpd_recipient_restrictions. There is a
          reject. This may not be clear in my quoting.

          > will work for multiple hosted domains
          > then as well, just in case one forgets to add them as virtual_alias
          >
          > sendmail -bv postmaster@localhost
          >
        • mouss
          Message 4 of 7 , Nov 1, 2007
            Andrew Long wrote:
            >> -----Original Message-----
            >> From: owner-postfix-users@...
            >> [mailto:owner-postfix-users@...] On Behalf Of mouss
            >> Sent: Thursday, November 01, 2007 8:02 AM
            >> Cc: postfix-users@...
            >> Subject: Re: Accept mail for postmaseter, abuse while denying else
            >>
            >> Andrew Long wrote:
            >>> I now have this server pretty much denying everything except relay for a
            >>> (relay-ip) list of sites. My problem is that the server is apparently
            >>> rejecting mail for <postmaster@...> and likely for <abuse@> also.
            >>> How can I accept mail for these local users while denying all else?
            >>>
            >>> # 2007-11-01 - postconf -n
            >>> alias_maps = hash:/etc/aliases
            >>> command_directory = /usr/sbin
            >>> config_directory = /etc/postfix
            >>> daemon_directory = /usr/libexec/postfix
            >>> debug_peer_level = 2
            >>> html_directory = no
            >>> local_recipient_maps =
            >>> mailq_path = /usr/bin/mailq.postfix
            >>> manpage_directory = /usr/share/man
            >>> mydestination = localhost.localdomain, host.domain.com
            >>> mynetworks = 127.0.0.0/8, /etc/postfix/relay-ip
            >>> newaliases_path = /usr/bin/newaliases.postfix
            >>> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
            >>> relay_domains =
            >>> sample_directory = /usr/share/doc/postfix-2.2.10/samples
            >>> sendmail_path = /usr/sbin/sendmail.postfix
            >>> setgid_group = postdrop
            >>> smtpd_banner = $myhostname ESMTP $mail_name
            >>> smtpd_client_restrictions =
            >>> permit_mynetworks,
            >>> reject_invalid_hostname,
            >>> reject_unknown_sender_domain,
            >>> reject_non_fqdn_recipient,
            >>> reject_rbl_client bl.spamcop.net,
            >>> permit
            >>> smtpd_helo_required = yes
            >>> smtpd_recipient_restrictions =
            >>> reject_non_fqdn_sender,
            >>> reject_non_fqdn_recipient,
            >>> reject_unknown_recipient_domain,
            >>> permit_mynetworks,
            >> here add:
            >>
            >> reject_unauth_destination
            >> check_recipient_access hash:/etc/postfix/roleaccount
            >>
            >> # cat roleaccount
            >> postmaster@... OK
            >> abuse@... OK
            >> # postmap roleaccount
            >>
            >> the reject_unauth_destination is a safety measure, keep it to avoid
            >> accidentally becoming an open relay.
            >>
            >>> reject
            >>>
            >> so this server does not accept mail from the public. it should thus
            >> not be listed as an MX in DNS.
            >>
            >
            > I did not think of that...
            > We had problems before we added a PTR with mail being denied for certain destinations. Will removing the MX but leaving the PTR work?
            >

            if you send me mail claiming to be from foo@..., but I find
            out that I cannot send mail to foo@..., then I will block
            you, whether you set up an MX or not.

            if on the other hand you never send mail from *@..., then
            you don't need to receive mail to such addresses, and as a result you
            don't need an MX.
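
The restriction ordering discussed in this thread, modelled as an added example (not part of the original posts and not Postfix code): it walks a recipient through the list in order, first decisive result wins, and shows what the `reject_unauth_destination` safety measure changes when the role-account map holds an entry for a domain the server does not host. The domain `mail.example.com`, the relay network `192.0.2.0/24` and the stray map entry are constructed; the thread's earlier `reject_non_fqdn_*` checks are omitted and map lookups are simplified to an exact full-address match.

```python
import ipaddress

# Constructed stand-ins for the poster's settings (the real values are elided on the page).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
MYDESTINATION = {"localhost.localdomain", "mail.example.com"}
RELAY_DOMAINS = set()                      # relay_domains is empty in the posted config
ROLEACCOUNT = {
    "postmaster@mail.example.com": "OK",
    "abuse@mail.example.com": "OK",
    "postmaster@elsewhere.example": "OK",  # constructed stray entry for a domain not hosted here
}

def permit_mynetworks(client, rcpt):
    ip = ipaddress.ip_address(client)
    return "permit" if any(ip in net for net in MYNETWORKS) else None

def reject_unauth_destination(client, rcpt):
    # Simplified: exact domain match against mydestination and relay_domains only.
    domain = rcpt.rsplit("@", 1)[1].lower()
    return None if domain in (MYDESTINATION | RELAY_DOMAINS) else "reject"

def check_recipient_access(client, rcpt):
    # An OK result in the map permits the recipient; no match means "keep going".
    return "permit" if ROLEACCOUNT.get(rcpt.lower()) == "OK" else None

def reject(client, rcpt):
    return "reject"

def evaluate(restrictions, client, rcpt):
    """Return (verdict, deciding restriction); the first decisive result ends evaluation."""
    for restriction in restrictions:
        verdict = restriction(client, rcpt)
        if verdict is not None:
            return verdict, restriction.__name__
    return "permit", "end_of_list"

# Ordering recommended in the thread, and the same list with the safety check left out.
AS_ADVISED = [permit_mynetworks, reject_unauth_destination, check_recipient_access, reject]
WITHOUT_SAFETY = [permit_mynetworks, check_recipient_access, reject]

if __name__ == "__main__":
    outside = "203.0.113.9"                # constructed client outside mynetworks
    for rcpt in ("postmaster@mail.example.com", "user@mail.example.com",
                 "postmaster@elsewhere.example"):
        print(rcpt, evaluate(AS_ADVISED, outside, rcpt), evaluate(WITHOUT_SAFETY, outside, rcpt))
```

On a live server, `postmap -q <address> hash:/etc/postfix/roleaccount` shows what the map returns for a given recipient.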