Re: Postfix 2.8.x anti anti backscattering settings
- Am 07.05.2013 09:00, schrieb Josef Karliak:
> Ohh. So there is only one solution - on mail server generate an aliasdepending to "you"r setup some easy way would be
> list that contains aliases and result. Like :
> chose OK
> user OK
> And in main.cf use directive
> smtpd_recipient_restrictions = <other options>,check_recipient_access
> hash:/etc/postfix/alias_list,<other options>
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
---so you have to find a sync mech, or edit manual each change----
or/and as catch all ( not recommended without verify )
smtpd_recipient_restrictions = ...
smtpd_restriction_classes = verify_recipient,
verify_recipient = reject_unverified_recipient
address_verify_map = btree:/var/lib/postfix/verify
make sure that you have stable con by using smtp verify
this is typical used for a backup mx setup !!!
so postfix follows dns mx settings, it may combined with transport setting
other mehtods may work as well with asking valid recipients via sql,ldap
on the orig/main server
there are also milters that check orig/main servers
did not tested that
after all you missed giving more and exact information what setup you
are trying to goal, and having recipient list is mandatory these spam
days, but its not a global solution against every backscatter, as
backscatters may get created for many complex reasons, but mostly as an
result of abused mail addresses or missconfigurations by sender servers etc
> So we'll generate aliases into a "alias_list" file and scp it from
> email server to incomming smtp and use it in postfix.
> Is it only one option ? Or there are better ? Just asking.
> Thanks very much.
> Cituji Wietse Venema <wietse@...>:
>> Josef Karliak:
>>> thanks for tip. I may be something missed:
>>> In main.cf I've added:
>>> address_verify_relayhost = 126.96.36.199 #ip of my mail server that
>>> knows all users
>>> address_verify_sender = master@...
>> This overrides the "relayhost" setting, which is used ONLY for
>> REMOTE delivery, not LOCAL. It will NEVER be used to find out
>> if a LOCAL email address is valid.
>> Which override SHOULD you use? That depends on your Postfix
MfG Robert Schetterer
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein