Loading ...
Sorry, an error occurred while loading the content.

Re: Postfix 2.8.x anti anti backscattering settings

Expand Messages
  • Robert Schetterer
    ... depending to you r setup some easy way would be main.cf relay_domains = hash:/etc/postfix/relay_domains relay_recipient_maps =
    Message 1 of 12 , May 7, 2013
    • 0 Attachment
      Am 07.05.2013 09:00, schrieb Josef Karliak:
      > Ohh. So there is only one solution - on mail server generate an alias
      > list that contains aliases and result. Like :
      >
      > chose OK
      > user OK
      > ...
      > ...
      >
      >
      > And in main.cf use directive
      > smtpd_recipient_restrictions = <other options>,check_recipient_access
      > hash:/etc/postfix/alias_list,<other options>

      depending to "you"r setup some easy way would be

      main.cf
      relay_domains = hash:/etc/postfix/relay_domains
      relay_recipient_maps = hash:/etc/postfix/relay_recipients

      /etc/postfix/relay_domains

      mydomain1.test1 OK
      mydomain2.test2 OK

      /etc/postfix/relay_recipients

      user1@...1 OK
      user2@...1 OK

      ---so you have to find a sync mech, or edit manual each change----

      or/and as catch all ( not recommended without verify )

      @...2 OK


      with verify

      main

      smtpd_recipient_restrictions = ...
      check_recipient_access hash:/etc/postfix/verify_access
      ...


      /etc/postfix/verify_access
      ...
      mydomain2.test2 verify_recipient
      ...

      main.cf

      smtpd_restriction_classes = verify_recipient,
      ...

      verify_recipient = reject_unverified_recipient
      address_verify_map = btree:/var/lib/postfix/verify

      make sure that you have stable con by using smtp verify

      this is typical used for a backup mx setup !!!

      so postfix follows dns mx settings, it may combined with transport setting

      other mehtods may work as well with asking valid recipients via sql,ldap
      on the orig/main server

      there are also milters that check orig/main servers

      i.e

      http://www.benzedrine.cx/milter-checkrcpt.html

      did not tested that

      after all you missed giving more and exact information what setup you
      are trying to goal, and having recipient list is mandatory these spam
      days, but its not a global solution against every backscatter, as
      backscatters may get created for many complex reasons, but mostly as an
      result of abused mail addresses or missconfigurations by sender servers etc


      >
      >
      > So we'll generate aliases into a "alias_list" file and scp it from
      > email server to incomming smtp and use it in postfix.
      >
      > Is it only one option ? Or there are better ? Just asking.
      >
      > Thanks very much.
      > J.Karliak.
      >
      > Cituji Wietse Venema <wietse@...>:
      >
      >> Josef Karliak:
      >>> Hi,
      >>> thanks for tip. I may be something missed:
      >>> In main.cf I've added:
      >>> address_verify_relayhost = 19.13.13.11 #ip of my mail server that
      >>> knows all users
      >>> address_verify_sender = master@...
      >>
      >> This overrides the "relayhost" setting, which is used ONLY for
      >> REMOTE delivery, not LOCAL. It will NEVER be used to find out
      >> if a LOCAL email address is valid.
      >>
      >> Which override SHOULD you use? That depends on your Postfix
      >> configuration.
      >>
      >> Wietse
      >>
      >
      >
      >



      Best Regards
      MfG Robert Schetterer

      --
      [*] sys4 AG

      http://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
      Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
      Aufsichtsratsvorsitzender: Florian Kirstein
    Your message has been successfully submitted and would be delivered to recipients shortly.