Loading ...
Sorry, an error occurred while loading the content.
 

Re: Aliases on local submissions only

Expand Messages
  • Philip Prindeville
    ... So I can have: echo receive_override_options = no_address_mappings /etc/postfix/main.cf but then in master.cf have: pickup ... -o
    Message 1 of 7 , Jan 2, 2012
      On 1/2/12 7:08 AM, Jeroen Geilman wrote:
      > On 01/02/2012 02:00 AM, Philip Prindeville wrote:
      >> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
      >>
      >> It merely serves to check messages for viruses, and block DoS attacks.
      >>
      >> As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.
      >>
      >> How do I configure that? I.e. that if a message is submitted locally by a service such as 'cron' or 'logwatch', it should be aliased to an internal mailbox name on an Intranet server...
      >>
      >> Thanks,
      >>
      >> -Philip
      > There are several approaches.
      >
      > Local processes use sendmail(1) to submit mail.
      > This is partly outside the normal flow of SMTP mail, as diagrammed here:
      > http://www.postfix.org/OVERVIEW.html#receiving
      >
      > The pickup(8) service allows you to specify a content_filter, which you
      > could use to inject this mail into a separate smtpd(8) listener with
      > different restrictions than the main port 25 listener, one of those
      > being to allow aliasing to external recipients.
      >
      > You could also set receive_override_options on the pickup(8) service
      > directly, and disable them on the normal smtpd(8) listener.
      >
      > http://www.postfix.org/pickup.8.html
      > http://www.postfix.org/postconf.5.html#content_filter
      > http://www.postfix.org/FILTER_README.html
      > http://www.postfix.org/postconf.5.html#receive_override_options
      >

      So I can have:

      echo "receive_override_options = no_address_mappings" >> /etc/postfix/main.cf

      but then in master.cf have:

      pickup ...
      -o receive_override_options=

      is that correct?

      -Philip
    • Lorens Kockum
      ... Wouldn t the easiest way be to configure the box with a specific local domain? If its local domain is antivirus.example.com , then it won t do alias
      Message 2 of 7 , Jan 2, 2012
        On Sun, Jan 01, 2012 at 06:00:46PM -0700, Philip Prindeville wrote:
        > I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
        >
        > It merely serves to check messages for viruses, and block DoS attacks.
        >
        > As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.

        Wouldn't the easiest way be to configure the box with a specific
        local domain? If its local domain is "antivirus.example.com",
        then it won't do alias expansion for anything else. Should the
        box have your main domain as a local domain it it doesn't even
        know the valid usernames for the domain?

        HTH
      • Philip Prindeville
        ... Creating extra domains would involve a lot of paperwork and retooling. Plus it seems like it would be fixing the symptoms but not the cause.
        Message 3 of 7 , Jan 3, 2012
          On 1/3/12 12:36 AM, Lorens Kockum wrote:
          > On Sun, Jan 01, 2012 at 06:00:46PM -0700, Philip Prindeville wrote:
          >> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
          >>
          >> It merely serves to check messages for viruses, and block DoS attacks.
          >>
          >> As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.
          > Wouldn't the easiest way be to configure the box with a specific
          > local domain? If its local domain is "antivirus.example.com",
          > then it won't do alias expansion for anything else. Should the
          > box have your main domain as a local domain it it doesn't even
          > know the valid usernames for the domain?
          >
          > HTH

          Creating extra domains would involve a lot of paperwork and retooling.

          Plus it seems like it would be fixing the symptoms but not the cause.
        • Jeroen Geilman
          ... God no, why would you do that ? man postconf, postconf -e option = value ... If both behave as documented, that would give you the desired result, yes.
          Message 4 of 7 , Jan 3, 2012
            On 2012-01-03 04:33, Philip Prindeville wrote:
            > On 1/2/12 7:08 AM, Jeroen Geilman wrote:
            >> On 01/02/2012 02:00 AM, Philip Prindeville wrote:
            >>> I have a 'border' postfix MTA that doesn't host any mailboxes, indeed it doesn't even know what the valid usernames are for the domain.
            >>>
            >>> It merely serves to check messages for viruses, and block DoS attacks.
            >>>
            >>> As such, I need it to perform aliasing *only* on messages generated locally by system services, such as 'cron'.
            >>>
            >>> How do I configure that? I.e. that if a message is submitted locally by a service such as 'cron' or 'logwatch', it should be aliased to an internal mailbox name on an Intranet server...
            >>>
            >>> Thanks,
            >>>
            >>> -Philip
            >> There are several approaches.
            >>
            >> Local processes use sendmail(1) to submit mail.
            >> This is partly outside the normal flow of SMTP mail, as diagrammed here:
            >> http://www.postfix.org/OVERVIEW.html#receiving
            >>
            >> The pickup(8) service allows you to specify a content_filter, which you
            >> could use to inject this mail into a separate smtpd(8) listener with
            >> different restrictions than the main port 25 listener, one of those
            >> being to allow aliasing to external recipients.
            >>
            >> You could also set receive_override_options on the pickup(8) service
            >> directly, and disable them on the normal smtpd(8) listener.
            >>
            >> http://www.postfix.org/pickup.8.html
            >> http://www.postfix.org/postconf.5.html#content_filter
            >> http://www.postfix.org/FILTER_README.html
            >> http://www.postfix.org/postconf.5.html#receive_override_options
            >>
            > So I can have:
            >
            > echo "receive_override_options = no_address_mappings">> /etc/postfix/main.cf

            God no, why would you do that ?

            man postconf, postconf -e "option = value"

            >
            > but then in master.cf have:
            >
            > pickup ...
            > -o receive_override_options=
            >
            > is that correct?

            If both behave as documented, that would give you the desired result, yes.


            --
            J.
          Your message has been successfully submitted and would be delivered to recipients shortly.