Loading ...
Sorry, an error occurred while loading the content.

Re: Accept mail for postmaseter, abuse while denying else

Expand Messages
  • Benny Pedersen
    ... make sure abuse and postmaster is in aliases i hope :) postmap -q abuse hash:/etc/aliases --
    Message 1 of 7 , Nov 1, 2007
    • 0 Attachment
      On Thu, November 1, 2007 12:27, Andrew Long wrote:
      > I now have this server pretty much denying everything except relay for a
      > (relay-ip) list of sites. My problem is that the server is apparently
      > rejecting mail for <postmaster@...> and likely for <abuse@> also.
      > How can I accept mail for these local users while denying all else?
      >
      > # 2007-11-01 - postconf -n
      > alias_maps = hash:/etc/aliases

      make sure abuse and postmaster is in aliases

      i hope :)

      postmap -q abuse hash:/etc/aliases

      --
    • mouss
      ... that may be a taste question. I prefer reject_unauth_destination before, and not having to use special actions. ... Look again at the end of his
      Message 2 of 7 , Nov 1, 2007
      • 0 Attachment
        Benny Pedersen wrote:
        > On Thu, November 1, 2007 13:01, mouss wrote:
        >> reject_unauth_destination
        >> check_recipient_access hash:/etc/postfix/roleaccount
        >>
        >> # cat roleaccount
        >> postmaster@... OK
        >> abuse@... OK
        >> # postmap roleaccount
        >
        > sed -i -e s:OK:PERMIT_AUTH_DESTINATION:g /etc/postfix/roleaccount

        that may be a taste question. I prefer reject_unauth_destination before,
        and not having to use "special" actions.

        >
        > i personly just add them to aliases,


        Look again at the end of his smtpd_recipient_restrictions. There is a
        reject. This may not be clear in my quoting.

        > will work for multiple hosted domains
        > then aswell, just in case one forget to add them as virtual_alias
        >
        > sendmail -bv postmaster@localhost
        >
      • mouss
        ... if you send me mail claiming to be from foo@host.example.com, but I find out that I cannot send mail to foo@host.example.com, then I will block you,
        Message 3 of 7 , Nov 1, 2007
        • 0 Attachment
          Andrew Long wrote:
          >> -----Original Message-----
          >> From: owner-postfix-users@...
          >> [mailto:owner-postfix-users@...] On Behalf Of mouss
          >> Sent: Thursday, November 01, 2007 8:02 AM
          >> Cc: postfix-users@...
          >> Subject: Re: Accept mail for postmaseter, abuse while denying else
          >>
          >> Andrew Long wrote:
          >>> I now have this server pretty much denying everything
          >> except relay for a (relay-ip) list of sites. My problem is that the
          >> server is apparently rejecting mail for <postmaster@...>
          >> and likely for <abuse@> also.
          >> How can I accept mail for these local users while denying all else?
          >>> # 2007-11-01 - postconf -n
          >>> alias_maps = hash:/etc/aliases
          >>> command_directory = /usr/sbin
          >>> config_directory = /etc/postfix
          >>> daemon_directory = /usr/libexec/postfix debug_peer_level = 2
          >>> html_directory = no local_recipient_maps = mailq_path =
          >>> /usr/bin/mailq.postfix manpage_directory = /usr/share/man
          >>> mydestination = localhost.localdomain, host.domain.com mynetworks =
          >>> 127.0.0.0/8, /etc/postfix/relay-ip newaliases_path =
          >>> /usr/bin/newaliases.postfix readme_directory =
          >>> /usr/share/doc/postfix-2.2.10/README_FILES
          >>> relay_domains =
          >>> sample_directory = /usr/share/doc/postfix-2.2.10/samples
          >>> sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop
          >>> smtpd_banner = $myhostname ESMTP $mail_name
          >> smtpd_client_restrictions
          >>> =
          >>> permit_mynetworks,
          >>> reject_invalid_hostname,
          >>> reject_unknown_sender_domain,
          >>> reject_non_fqdn_recipient,
          >>> reject_rbl_client bl.spamcop.net,
          >>> permit
          >>> smtpd_helo_required = yes
          >>> smtpd_recipient_restrictions =
          >>> reject_non_fqdn_sender,
          >>> reject_non_fqdn_recipient,
          >>> reject_unknown_recipient_domain,
          >>> permit_mynetworks,
          >> here add:
          >>
          >> reject_unauth_destination
          >> check_recipient_access hash:/etc/postfix/roleaccount
          >>
          >> # cat roleaccount
          >> postmaster@... OK
          >> abuse@... OK
          >> # postmap roleaccount
          >>
          >> the reject_unauth_destination is a safety measure, keep it to avoid
          >> accidentally becoming an open relay.
          >>
          >>> reject
          >>>
          >> so this server does not accept mail from the public. it should thus
          >> not be listed as an MX in DNS.
          >>
          >
          > I did not think of that...
          > We had problems before we added a PTR with mail being denied for certain destinations. Will removing the MX but leaving the PTR work?
          >

          if you send me mail claiming to be from foo@..., but I find
          out that I cannot send mail to foo@..., then I will block
          you, whether you setup an MX or not.

          if on the other hand you never send mail from *@..., then
          you don't need to receive mail to such addresses, and as a result you
          don't need an MX.
        Your message has been successfully submitted and would be delivered to recipients shortly.