Re: preventing backscatter

From: Magnus Bäck (magnus@dsek.lth.se)
Date: Tue Jun 06 2006 - 06:07:33 CDT


On Tuesday, May 30, 2006 at 23:58 CEST,
     Bill Weiss <houdini+postfix@clanspum.net> wrote:

> mouss (usebsdfree.fr), Tue, May 30, 2006 at 11:52:59PM +0200:
>
> > This is a known issue. wildcard aliases do break recipient
> > validation. your choices:
> >
> > 1- Use a script to generate individual aliases. Just make sure to
> > run the script when you update your users list.
> >
> > 2- An alternative is to write a policy service that does that.
> >
> > 3- if you move to ldap or *sql, you can make these return valid
> > responses only if the "target" address is valid. This doesn't solve
> > the (general) problem if you have "multi-level" (deep) alias domains
> > (such as foo.example = bar.example, and
> > bar.example=blah.example...).
>
> Suck. #1 leads to alias explosion for my small 50+ user, 12+ domain
> site. I can't imagine what it would be like for a serious server.

What's the problem? Make example.com the "main" domain and make virtual
alias entries like

   user1@example.org user1@example.com
   user2@example.org user2@example.com
   ...
   userN@example.org userN@example.com
   user1@example.net user1@example.com
   user2@example.net user2@example.com
   ...
   userN@example.net userN@example.com
   ...

for all valid addresses in example.com and all "mirror domains" you
have. As mouss said, the administration of this can be automated, and
unless your virtual alias table contains tens of millions of addresses
it won't affect your performance.

--
Magnus Bäck
magnus@dsek.lth.se
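The per-user mirror-domain table described above, generated by a script, together with a simplified model of why explicit entries matter for backscatter. This is an added example, not code from the original thread or from Postfix itself; the user list, the domain names and the smtp_decision() model of Postfix's recipient handling are constructed assumptions.

```python
"""Generate an explicit Postfix virtual_alias_maps table for "mirror" domains
and contrast it with the wildcard shortcut that breaks recipient validation.

Added example, not from the original post.  Inputs below are constructed;
in practice USERS comes from whatever holds your real user list.
"""

MAIN_DOMAIN = "example.com"                      # constructed sample value
MIRROR_DOMAINS = ["example.org", "example.net"]  # constructed sample values
USERS = ["user1", "user2", "user3"]              # constructed sample user list


def generate_virtual_aliases(users, main_domain, mirror_domains):
    """One 'user@mirror user@main' line per (user, mirror domain) pair.

    No catch-all '@mirror' entry is emitted, so an address in a mirror
    domain is only valid if the user exists in the main domain.
    """
    return [f"{u}@{d} {u}@{main_domain}" for d in mirror_domains for u in users]


def wildcard_virtual_aliases(main_domain, mirror_domains):
    """The shortcut that causes the problem: one catch-all line per domain."""
    return [f"@{d} @{main_domain}" for d in mirror_domains]


def parse_virtual_map(lines):
    """Parse 'key value' table lines into a dict, skipping blanks/comments."""
    table = {}
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip().lower()
    return table


def smtp_decision(recipient, table, main_domain, users):
    """Simplified (assumed) model of how Postfix treats a recipient in a
    virtual alias domain.  Returns one of:
      'reject'  - not listed in the table: refused at SMTP time, no bounce
      'deliver' - rewritten to an existing mailbox in the main domain
      'bounce'  - accepted at SMTP time (a wildcard entry matched), but the
                  rewritten address does not exist, so a non-delivery
                  report goes to the (often forged) sender: backscatter
    """
    recipient = recipient.lower()
    local, domain = recipient.split("@", 1)
    if recipient in table:                 # explicit per-user entry
        target = table[recipient]
    elif "@" + domain in table:            # wildcard entry: keep the local part
        target = f"{local}@{table['@' + domain].lstrip('@')}"
    else:
        return "reject"
    tlocal, tdomain = target.split("@", 1)
    if tdomain == main_domain and tlocal in users:
        return "deliver"
    return "bounce"


if __name__ == "__main__":
    # Print the table; feed it to 'postmap' to build the indexed map file.
    for line in generate_virtual_aliases(USERS, MAIN_DOMAIN, MIRROR_DOMAINS):
        print(line)
```

The generated lines go into the file named in virtual_alias_maps (rebuilt with postmap after every change), with the mirror domains listed in virtual_alias_domains; with Postfix's default rejection of unlisted recipients, an unknown user in a mirror domain is then refused during the SMTP dialogue instead of being accepted and bounced later.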