Re: A couple of newbie (but hopefully not numptie) questions

From: Sandy Drobic (postfix-usersjapantest.homelinux.com)
Date: Wed Mar 26 2008 - 12:45:34 CDT


Mark Goodge wrote:
> Hi,
>
> I'm relatively new to Postfix (I'm more familiar with Exim and (spit)
> Sendmail), so it's possible that the answers to both of these questions
> are staring me in the face if only I'd read the documentation correctly
> (or possibly the answers are "it can't be done with Postfix"), but
> either way I'd appreciate the necessary pointers :-)
>
>
> Anyway, my questions are:
>
> 1. How can I configure Postfix to forward, rewrite or redirect (whatever
> the correct terminology is) mail so that only the domain part changes.
> That is, I want to configure it so that $local_part@example.com is
> rewritten to $local_part@example.co.uk and then handed off to whatever
> mail server is responsible for example.co.uk (assuming that my server is
> primary MX for example.com, but some other mail server is primary MX for
> example.co.uk). For those familiar with Exim, what I'm looking for is
> the Postfix equivalent of this configuration:
>
> redirect_example:
> driver = redirect
> domains = example.com
> data = ${quote:$local_part}@example.co.uk
> no_more
>
> Does that make sense? If that's possible with Postfix, what should I be
> looking for to configure it?

As usual, there are several ways to do this:

- you can use the action REDIRECT in a check:

/etc/postfix/main.cf:
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_unlisted_recipient
        check_recipient_access pcre:/etc/postfix/recipient_redirect

/etc/postfix/recipient_redirect:
/(.+)@example\.com$/ redirect $1@example.co.uk

- as an alternative you could also use smtp_generic_maps. It is applied by the
smtp client, so you can use wildcard address rewrite without destroying
recipient validation.

/etc/postfix/main.cf:
smtp_generic_maps = pcre:/etc/postfix/generic.pcre

/etc/postfix/generic.pcre:
/(.+)@example\.com$/ $1@example.co.uk

This assumes that somewhere in your setup the smtp client is used.
I also assume that you wish to set up such a rule for ALL recipients of that
domain.

>
> 2. How can I configure Postfix to discard mail from the null sender to a
> specific recipient? That is, I want <> to be able to send mail to every
> valid user on my system except john@example.com, while john@example.com
> can receive mail from any valid external sender except <>.

Do not discard mail, REJECT mail you do not wish to receive. If you need to
check more than one condition you have to use a restriction class. It's a bit
more complex:

/etc/postfix/main.cf:
smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_unlisted_recipient
        check_recipient_access hash:/etc/postfix/recipient_reject_nullsender
smtpd_restriction_classes =
        reject_nullsender
reject_nullsender =
        check_sender_access hash:/etc/postfix/sender_reject_nullsender

/etc/postfix/recipient_reject_nullsender:
john@example.com reject_nullsender

/etc/postfix/sender_reject_nullsender:
<> 554 recipient does not accept the nullsender as sender address

Check if smtpd_null_access_lookup_key is indeed the empty address.

> To give some background to this question, the aim is to deal with
> "backscatter" spam where a specific user has been on the wrong end of a
> joe-job and their address is getting massive quantities of inbound
> bounce messages. I don't want to discard all mail from the null sender
> to all recipients, as that's generally a Bad Thing, but in this case the
> quantity of backscatter is so great that not only is it overwhelming the
> user's mailbox but also it's affecting performance for all other users
> of the server. So the discard needs to be pre-queue; it's not sufficient
> to let the bounces pass through the queue and then be discarded later.
>
> Again, does this question make sense, and is what I'm asking possible
> with Postfix? Alternatively, can anyone suggest alternative strategies
> of dealing with this particular problem (I'm sure other people have
> encountered the same thing in the past)?
>
>
> (Just for clarity, I should add that these two questions are entirely
> independent and apply to two different systems that I help to maintain).

In that case you should open two independent threads next time and choose a
subject that introduces the question better.

--
Sandy

List replies only please!
Please address PMs to: news-reply2 () japantest (.) homelinux (.) com
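
Added example, not part of the message above and not Postfix code: a small Python model of the two lookups discussed in the reply, useful for checking which envelopes the tables would affect before deploying them. It assumes the patterns and keys are written with the `@` separator; the table contents and sample envelopes are constructed, and the function names are hypothetical.

```python
import re

# Constructed stand-ins for the lookup tables in the message (not read from disk).
# Postfix pcre tables match case-insensitively by default, hence re.I.
REDIRECT_RULES = [(re.compile(r"(.+)@example\.com$", re.I), r"\1@example.co.uk")]
RECIPIENT_CLASSES = {"john@example.com": "reject_nullsender"}
CLASS_SENDER_TABLES = {
    "reject_nullsender": {
        "<>": "554 recipient does not accept the nullsender as sender address",
    },
}
NULL_LOOKUP_KEY = "<>"  # default value of smtpd_null_access_lookup_key


def redirect_target(recipient):
    """Return the rewritten recipient, or None when no rule matches."""
    for pattern, template in REDIRECT_RULES:
        match = pattern.search(recipient)
        if match:
            return match.expand(template)
    return None


def rcpt_decision(sender, recipient):
    """Model check_recipient_access -> restriction class -> check_sender_access.

    Simplification: only full-address keys are looked up; real Postfix also
    tries domain and localpart@ keys in hash tables.
    """
    restriction_class = RECIPIENT_CLASSES.get(recipient.lower())
    if restriction_class is None:
        return "DUNNO"  # recipient not listed, later restrictions decide
    key = sender.lower() if sender else NULL_LOOKUP_KEY
    return CLASS_SENDER_TABLES[restriction_class].get(key, "DUNNO")


if __name__ == "__main__":
    # Constructed envelopes: (MAIL FROM, RCPT TO); "" is the null sender.
    for sender, rcpt in [("", "john@example.com"), ("", "jane@example.com"),
                         ("alice@example.org", "john@example.com")]:
        print(f"from=<{sender}> to=<{rcpt}> -> {rcpt_decision(sender, rcpt)}")
    for rcpt in ["mark@example.com", "mark@notexample.com", "mark@sub.example.com"]:
        print(f"{rcpt} -> {redirect_target(rcpt)}")
```

Only the null sender to the listed recipient gets the 554; the `@` in the pattern is what keeps addresses in look-alike domains such as notexample.com from being rewritten.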