On Sat, Feb 07, 2004 at 04:38:58PM +0000, Shri Shrikumar wrote: > I have a postfix installation and it accepts all email to specified domains > regardless of the user part. This seems to pose a security hole in sending > spam / viruses. > > Say someone sends an email to the server with the from of "[EMAIL PROTECTED]" > and the to of "[EMAIL PROTECTED]", postfix accepts this email > although there is not local account for [EMAIL PROTECTED] It then > tries to bounce the message back including the full message and any > attachments. > > Postfix is configured with virtual domains retrieved from an sql database. > > Can anyone point me in the right direction for getting postfix to reject > messages for non-existent local accounts instead of just bouncing it?
look at the local_recipient_maps and/or relay_recipient_maps options in main.cf. see also /usr/share/doc/postfix/examples/sample-smtpd.cf.gz: # REJECTING MAIL FOR UNKNOWN LOCAL USERS # # The local_recipient_maps parameter specifies optional lookup tables # with all names or addresses of users that are local with respect # to $mydestination and $inet_interfaces. # # If this parameter is defined, then the SMTP server will reject # mail for unknown local users. This parameter is defined by default. # # To turn off local recipient checking in the SMTP server, specify # local_recipient_maps = (i.e. empty). # # The default setting assumes that you use the default Postfix local # delivery agent for local delivery. You need to update the # local_recipient_maps setting if: # # - You define $mydestination domain recipients in files other than # /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. # For example, you define $mydestination domain recipients in # the $virtual_mailbox_maps files. # # - You redefine the local delivery agent in master.cf. # # - You redefine the "local_transport" setting in main.cf. # # - You use the "luser_relay", "mailbox_transport", or "fallback_transport" # feature of the Postfix local delivery agent (see sample-local.cf). # # Details are described in the LOCAL_RECIPIENT_README file. # # Beware: if the Postfix SMTP server runs chrooted, you probably have # to access the passwd file via the proxymap service, in order to # overcome chroot restrictions. The alternative, having a copy of # the system passwd file in the chroot jail is just not practical. # # The right-hand side of the lookup tables is conveniently ignored. # In the left-hand side, specify a bare username, an @domain.tld # wild-card, or specify a [EMAIL PROTECTED] address. # #local_recipient_maps = #local_recipient_maps = unix:passwd.byname $alias_maps local_recipient_maps = proxy:unix:passwd.byname $alias_maps # REJECTING UNKNOWN RELAY USERS # # The relay_recipient_maps parameter specifies optional lookup tables # with all addresses in the domains that match $relay_domains. # # If this parameter is defined, then the SMTP server will reject # mail for unknown relay users. This feature is off by default. # # The right-hand side of the lookup tables is conveniently ignored. # In the left-hand side, specify an @domain.tld wild-card, or specify # a [EMAIL PROTECTED] address. # #relay_recipient_maps = hash:/etc/postfix/relay_recipients craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
