Loading ...
Sorry, an error occurred while loading the content.

Re: Postfix 2.8.x anti anti backscattering settings

Expand Messages
  • Wietse Venema
    ... This overrides the relayhost setting, which is used ONLY for REMOTE delivery, not LOCAL. It will NEVER be used to find out if a LOCAL email address is
    Message 1 of 12 , May 6, 2013
    • 0 Attachment
      Josef Karliak:
      > Hi,
      > thanks for tip. I may be something missed:
      > In main.cf I've added:
      > address_verify_relayhost = 19.13.13.11 #ip of my mail server that
      > knows all users
      > address_verify_sender = master@...

      This overrides the "relayhost" setting, which is used ONLY for
      REMOTE delivery, not LOCAL. It will NEVER be used to find out
      if a LOCAL email address is valid.

      Which override SHOULD you use? That depends on your Postfix
      configuration.

      Wietse
    • Josef Karliak
      Ohh. So there is only one solution - on mail server generate an alias list that contains aliases and result. Like : chose OK user OK ... ... And in main.cf
      Message 2 of 12 , May 7, 2013
      • 0 Attachment
        Ohh. So there is only one solution - on mail server generate an
        alias list that contains aliases and result. Like :

        chose OK
        user OK
        ...
        ...


        And in main.cf use directive
        smtpd_recipient_restrictions = <other options>,check_recipient_access
        hash:/etc/postfix/alias_list,<other options>


        So we'll generate aliases into a "alias_list" file and scp it from
        email server to incomming smtp and use it in postfix.

        Is it only one option ? Or there are better ? Just asking.

        Thanks very much.
        J.Karliak.

        Cituji Wietse Venema <wietse@...>:

        > Josef Karliak:
        >> Hi,
        >> thanks for tip. I may be something missed:
        >> In main.cf I've added:
        >> address_verify_relayhost = 19.13.13.11 #ip of my mail server that
        >> knows all users
        >> address_verify_sender = master@...
        >
        > This overrides the "relayhost" setting, which is used ONLY for
        > REMOTE delivery, not LOCAL. It will NEVER be used to find out
        > if a LOCAL email address is valid.
        >
        > Which override SHOULD you use? That depends on your Postfix
        > configuration.
        >
        > Wietse
        >



        --
        Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
        DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,
        zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
        My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
        policy and check. If you've problem with sending emails to me, start
        using email origin methods mentioned above. Thank you.

        ----------------------------------------------------------------
        This message was sent using IMP, the Internet Messaging Program.
      • Robert Schetterer
        ... depending to you r setup some easy way would be main.cf relay_domains = hash:/etc/postfix/relay_domains relay_recipient_maps =
        Message 3 of 12 , May 7, 2013
        • 0 Attachment
          Am 07.05.2013 09:00, schrieb Josef Karliak:
          > Ohh. So there is only one solution - on mail server generate an alias
          > list that contains aliases and result. Like :
          >
          > chose OK
          > user OK
          > ...
          > ...
          >
          >
          > And in main.cf use directive
          > smtpd_recipient_restrictions = <other options>,check_recipient_access
          > hash:/etc/postfix/alias_list,<other options>

          depending to "you"r setup some easy way would be

          main.cf
          relay_domains = hash:/etc/postfix/relay_domains
          relay_recipient_maps = hash:/etc/postfix/relay_recipients

          /etc/postfix/relay_domains

          mydomain1.test1 OK
          mydomain2.test2 OK

          /etc/postfix/relay_recipients

          user1@...1 OK
          user2@...1 OK

          ---so you have to find a sync mech, or edit manual each change----

          or/and as catch all ( not recommended without verify )

          @...2 OK


          with verify

          main

          smtpd_recipient_restrictions = ...
          check_recipient_access hash:/etc/postfix/verify_access
          ...


          /etc/postfix/verify_access
          ...
          mydomain2.test2 verify_recipient
          ...

          main.cf

          smtpd_restriction_classes = verify_recipient,
          ...

          verify_recipient = reject_unverified_recipient
          address_verify_map = btree:/var/lib/postfix/verify

          make sure that you have stable con by using smtp verify

          this is typical used for a backup mx setup !!!

          so postfix follows dns mx settings, it may combined with transport setting

          other mehtods may work as well with asking valid recipients via sql,ldap
          on the orig/main server

          there are also milters that check orig/main servers

          i.e

          http://www.benzedrine.cx/milter-checkrcpt.html

          did not tested that

          after all you missed giving more and exact information what setup you
          are trying to goal, and having recipient list is mandatory these spam
          days, but its not a global solution against every backscatter, as
          backscatters may get created for many complex reasons, but mostly as an
          result of abused mail addresses or missconfigurations by sender servers etc


          >
          >
          > So we'll generate aliases into a "alias_list" file and scp it from
          > email server to incomming smtp and use it in postfix.
          >
          > Is it only one option ? Or there are better ? Just asking.
          >
          > Thanks very much.
          > J.Karliak.
          >
          > Cituji Wietse Venema <wietse@...>:
          >
          >> Josef Karliak:
          >>> Hi,
          >>> thanks for tip. I may be something missed:
          >>> In main.cf I've added:
          >>> address_verify_relayhost = 19.13.13.11 #ip of my mail server that
          >>> knows all users
          >>> address_verify_sender = master@...
          >>
          >> This overrides the "relayhost" setting, which is used ONLY for
          >> REMOTE delivery, not LOCAL. It will NEVER be used to find out
          >> if a LOCAL email address is valid.
          >>
          >> Which override SHOULD you use? That depends on your Postfix
          >> configuration.
          >>
          >> Wietse
          >>
          >
          >
          >



          Best Regards
          MfG Robert Schetterer

          --
          [*] sys4 AG

          http://sys4.de, +49 (89) 30 90 46 64
          Franziskanerstraße 15, 81669 München

          Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
          Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
          Aufsichtsratsvorsitzender: Florian Kirstein
        Your message has been successfully submitted and would be delivered to recipients shortly.