OSEC

Re: Accept mail for postmaseter, abuse while denying else

From: mouss (mlist.onlyfree.fr)
Date: Thu Nov 01 2007 - 07:01:50 CDT


Andrew Long wrote:
> I now have this server pretty much denying everything except relay for a (relay-ip) list of sites. My problem is that the server is apparently rejecting mail for <postmaster@host.domain.com> and likely for <abuse> also. How can I accept mail for these local users while denying all else?
>
> # 2007-11-01 - postconf -n
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> local_recipient_maps =
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = localhost.localdomain, host.domain.com
> mynetworks = 127.0.0.0/8, /etc/postfix/relay-ip
> newaliases_path = /usr/bin/newaliases.postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> relay_domains =
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions =
>         permit_mynetworks,
>         reject_invalid_hostname,
>         reject_unknown_sender_domain,
>         reject_non_fqdn_recipient,
>         reject_rbl_client bl.spamcop.net,
>         permit
> smtpd_helo_required = yes
> smtpd_recipient_restrictions =
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_unknown_recipient_domain,
>         permit_mynetworks,

Here add:

        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/roleaccount

# cat roleaccount
postmaster@example.com OK
abuse@example.com OK
# postmap roleaccount

The reject_unauth_destination is a safety measure; keep it to avoid
accidentally becoming an open relay.

>         reject
>

So this server does not accept mail from the public. It should thus not
be listed as an MX in DNS.
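To make the ordering argument concrete, here is a small model of how Postfix walks smtpd_recipient_restrictions (first restriction that returns a verdict wins; an exhausted list permits). It is an added example written for this thread, not Postfix code and not the original poster's configuration; the hosts, networks and addresses in it are constructed, the 192.0.2.0/24 network stands in for the relay-ip file, and the access lookup is simplified to "full address, then domain". It shows why reject_unauth_destination belongs before the role-account map: with it in place a stray domain entry in roleaccount cannot turn the box into a relay, without it the same entry does.

```python
"""Toy model of Postfix smtpd_recipient_restrictions evaluation (added example)."""
import ipaddress

# Constructed sample settings; hypothetical hosts, not the thread's real server.
MYDESTINATION = {"localhost.localdomain", "host.domain.com"}
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]   # stands in for /etc/postfix/relay-ip
ROLEACCOUNT = {"postmaster@host.domain.com": "OK",    # the hash:roleaccount table
               "abuse@host.domain.com": "OK"}


def lookup_access(table, rcpt):
    """check_recipient_access style lookup: full address first, then the domain.
    (Postfix also tries parent domains and localpart@; omitted here for brevity.)"""
    addr = rcpt.lower()
    domain = addr.rpartition("@")[2]
    return table.get(addr) or table.get(domain)


def permit_mynetworks(client_ip, rcpt, table):
    ip = ipaddress.ip_address(client_ip)
    return "OK" if any(ip in net for net in MYNETWORKS) else None


def reject_unauth_destination(client_ip, rcpt, table):
    # relay_domains is empty in the thread, so only $mydestination is a local delivery.
    domain = rcpt.rpartition("@")[2].lower()
    return None if domain in MYDESTINATION else "REJECT"


def check_recipient_access(client_ip, rcpt, table):
    return lookup_access(table, rcpt)


def reject(client_ip, rcpt, table):
    return "REJECT"


def evaluate(restrictions, client_ip, rcpt, table=ROLEACCOUNT):
    """Return the verdict of the first restriction that decides; exhausted list permits."""
    for restriction in restrictions:
        verdict = restriction(client_ip, rcpt, table)
        if verdict is not None:
            return verdict
    return "OK"


# The list recommended in the reply, and the same list with the safety measure dropped.
WITH_SAFETY = [permit_mynetworks, reject_unauth_destination, check_recipient_access, reject]
WITHOUT_SAFETY = [permit_mynetworks, check_recipient_access, reject]


if __name__ == "__main__":
    outsider, insider = "203.0.113.5", "192.0.2.10"
    print(evaluate(WITH_SAFETY, outsider, "postmaster@host.domain.com"))  # OK
    print(evaluate(WITH_SAFETY, outsider, "bob@host.domain.com"))         # REJECT
    print(evaluate(WITH_SAFETY, outsider, "someone@other.example"))       # REJECT
    print(evaluate(WITH_SAFETY, insider, "someone@other.example"))        # OK (relay for mynetworks)
    # A later, careless "other.example OK" line in roleaccount:
    sloppy = {**ROLEACCOUNT, "other.example": "OK"}
    print(evaluate(WITH_SAFETY, outsider, "someone@other.example", sloppy))     # REJECT
    print(evaluate(WITHOUT_SAFETY, outsider, "someone@other.example", sloppy))  # OK: open relay
```

The last two lines are the point of the reply: reject_unauth_destination only ever returns REJECT for non-local recipients, so placing it ahead of any access map means a mistaken OK entry can at most accept mail for a local address, never authorize relaying to a third party.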