Re: Accept mail for postmaseter, abuse while denying else

From: mouss (mlist.onlyfree.fr)
Date: Thu Nov 01 2007 - 09:38:45 CDT


Andrew Long wrote:
>> -----Original Message-----
>> From: owner-postfix-users@postfix.org
>> [mailto:owner-postfix-users@postfix.org] On Behalf Of mouss
>> Sent: Thursday, November 01, 2007 8:02 AM
>> Cc: postfix-users@postfix.org
>> Subject: Re: Accept mail for postmaseter, abuse while denying else
>>
>> Andrew Long wrote:
>>> I now have this server pretty much denying everything except relay for a (relay-ip) list of sites. My problem is that the server is apparently rejecting mail for <postmaster@host.domain.com> and likely for <abuse> also.
>>> How can I accept mail for these local users while denying all else?
>>> # 2007-11-01 - postconf -n
>>> alias_maps = hash:/etc/aliases
>>> command_directory = /usr/sbin
>>> config_directory = /etc/postfix
>>> daemon_directory = /usr/libexec/postfix
>>> debug_peer_level = 2
>>> html_directory = no
>>> local_recipient_maps =
>>> mailq_path = /usr/bin/mailq.postfix
>>> manpage_directory = /usr/share/man
>>> mydestination = localhost.localdomain, host.domain.com
>>> mynetworks = 127.0.0.0/8, /etc/postfix/relay-ip
>>> newaliases_path = /usr/bin/newaliases.postfix
>>> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
>>> relay_domains =
>>> sample_directory = /usr/share/doc/postfix-2.2.10/samples
>>> sendmail_path = /usr/sbin/sendmail.postfix
>>> setgid_group = postdrop
>>> smtpd_banner = $myhostname ESMTP $mail_name
>>> smtpd_client_restrictions =
>>> permit_mynetworks,
>>> reject_invalid_hostname,
>>> reject_unknown_sender_domain,
>>> reject_non_fqdn_recipient,
>>> reject_rbl_client bl.spamcop.net,
>>> permit
>>> smtpd_helo_required = yes
>>> smtpd_recipient_restrictions =
>>> reject_non_fqdn_sender,
>>> reject_non_fqdn_recipient,
>>> reject_unknown_recipient_domain,
>>> permit_mynetworks,
>> here add:
>>
>> reject_unauth_destination
>> check_recipient_access hash:/etc/postfix/roleaccount
>>
>> # cat roleaccount
>> postmaster@example.com OK
>> abuse@example.com OK
>> # postmap roleaccount
>>
>> the reject_unauth_destination is a safety measure, keep it to avoid
>> accidentally becoming an open relay.
>>
>>> reject
>>>
>> so this server does not accept mail from the public. it should thus
>> not be listed as an MX in DNS.
>>
>
> I did not think of that...
> We had problems before we added a PTR with mail being denied for certain destinations. Will removing the MX but leaving the PTR work?
>

if you send me mail claiming to be from foo@host.example.com, but I find
out that I cannot send mail to foo@host.example.com, then I will block
you, whether you setup an MX or not.

if on the other hand you never send mail from *@host.example.com, then
you don't need to receive mail to such addresses, and as a result you
don't need an MX.
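
Added example, not part of the original thread and not Postfix code: a simplified Python model of how the suggested smtpd_recipient_restrictions list is evaluated (the first restriction that decides wins), showing why reject_unauth_destination has to sit in front of check_recipient_access. The 192.0.2.0/24 network standing in for /etc/postfix/relay-ip, the role addresses under host.domain.com and the loose "postmaster@" table are constructed assumptions; the DNS-dependent and non-FQDN checks from the posted list are left out.

```python
import ipaddress

# Constructed values modelled on the configuration posted in the thread.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]   # stand-in for relay-ip
MYDESTINATION = {"localhost.localdomain", "host.domain.com"}
RELAY_DOMAINS = set()                                  # relay_domains is empty
ROLEACCOUNT = {"postmaster@host.domain.com": "OK",
               "abuse@host.domain.com": "OK"}
LOOSE_TABLE = {"postmaster@": "OK"}   # constructed: key matches any domain

def access_lookup(table, rcpt):
    """access(5) search order, reduced to user@domain, domain, user@."""
    local, _, domain = rcpt.lower().rpartition("@")
    for key in (f"{local}@{domain}", domain, f"{local}@"):
        if key in table:
            return table[key]
    return None

def evaluate(restrictions, client_ip, rcpt, table=ROLEACCOUNT):
    """Return (verdict, deciding_rule) for one RCPT TO from one client."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.lower().rpartition("@")[2]
    for rule in restrictions:
        if rule == "permit_mynetworks":
            if any(ip in net for net in MYNETWORKS):
                return ("permit", rule)
        elif rule == "reject_unauth_destination":
            # Rejects only when the recipient domain is not ours to accept.
            if domain not in MYDESTINATION | RELAY_DOMAINS:
                return ("reject", rule)
        elif rule == "check_recipient_access":
            if access_lookup(table, rcpt) == "OK":
                return ("permit", rule)
        elif rule == "reject":
            return ("reject", rule)
    return ("permit", "end of list")

SUGGESTED = ["permit_mynetworks", "reject_unauth_destination",
             "check_recipient_access", "reject"]
WITHOUT_GUARD = ["permit_mynetworks", "check_recipient_access", "reject"]

if __name__ == "__main__":
    outside = "198.51.100.7"   # constructed client outside mynetworks
    for rcpt in ("postmaster@host.domain.com", "andrew@host.domain.com",
                 "postmaster@elsewhere.example"):
        print(rcpt, evaluate(SUGGESTED, outside, rcpt),
              evaluate(WITHOUT_GUARD, outside, rcpt, LOOSE_TABLE))
```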