D G Teed wrote:
> On Thu, Nov 13, 2008 at 2:14 PM, mouss <[EMAIL PROTECTED]> wrote:
>
> > sure, losing mail is bad. but you should reject mail during the smtp
> > transaction. if your postfix is a relay server and you can't get the
> > relay_recipient_maps, then you can use reject_unverified_recipient
> > (only for selected domains).
>
> My MX servers have no mailboxes. They either relay email to an external
> domain address the user asked to have set up, or they relay to one of three
> servers within our domain. We use:
>
> virtual_alias_maps = hash:/etc/postfix/relocated
>     hash:/etc/postfix/class_lists hash:/etc/postfix/virtual
> virtual_alias_domains = $virtual_alias_maps, mydomain.ca
>
> The virtual file contains every address we handle in one of these ways.
>
> I can't see using reject_unverified_recipient for the volume of email we
> have, and it is pointless to do when we have a valid list of all addresses
> the MX should handle.
>
> In main.cf I see:
> # The relay_domains parameter restricts what destinations this system will
> # relay mail to.
>
> The list of domains we forward to, based on the virtual mapping file,
> will vary over time, so there is no easy way to satisfy the
> requirements of relay_recipient_map.
>
> Based on what I'm seeing in our logs, and from swaks talking to our MX
> I have to conclude that relay_recipient_map is not the only way to disable
> backscatter. The documentation should include mention of virtual_alias_maps
> as being another alternative which allows reject prior to queueing.

if you have no domains in relay_domains, then you don't need
relay_recipient_maps nor reject_unverified_domains. you are using a "non
standard" setup in the sense that you are declaring the domains as
virtual_alias_domains when they are relay_domains.

if you have wildcard aliases (alias for the whole domain), then you may have
a backscatter problem. see below.

> With relay_domain and mydestination set to null, we are getting useful
> rejects. From swaks I test email to nonexistent address:
> === Trying nexa.mydomain.ca:9077...
> === Connected to nexa.mydomain.ca.
> <- 220 nexa.mydomain.ca ESMTP Postfix
> -> EHLO somewhere.ca
> <- 250-nexa.mydomain.ca
> <- 250-PIPELINING
> <- 250-SIZE 10000000
> <- 250-ETRN
> <- 250-ENHANCEDSTATUSCODES
> <- 250-8BITMIME
> <- 250 DSN
> -> MAIL FROM:<[EMAIL PROTECTED]>
> <- 250 2.1.0 Ok
> -> RCPT TO:<[EMAIL PROTECTED]>
> <** 550 5.1.1 <[EMAIL PROTECTED]>: Recipient address rejected: User unknown in virtual alias table
> -> QUIT
> <- 221 2.0.0 Bye
> === Connection closed with remote host.

test with a domain for which you have a wildcard alias in one of your
virtual_alias_maps. so if you have a line like

@example.com @example.org

then try sending mail (with telnet or a MUA that uses smtp) to [EMAIL PROTECTED]
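
Added example, not part of the original thread: a small Python audit for the wildcard case raised in the reply above. It parses a virtual alias map source file, lists catch-all keys such as `@example.com`, and shows that a nonexistent recipient in such a domain is not rejected at RCPT time. The sample map, the function names and the simplified lookup order (full address, then `@domain`) are assumptions, and every domain is assumed to be listed in virtual_alias_domains.

```python
"""Audit a Postfix virtual alias map source for catch-all entries (added example)."""

# Constructed sample map source; addresses and domains are illustrative only.
SAMPLE = """\
# constructed sample, not from the thread
alice@example.net   alice@mailhost.example.net
lists@example.net   bob@example.net,
    carol@example.net
@example.com        @example.org
"""


def parse_map(text):
    """Parse postmap-style source text into {key: value}.

    Blank lines and lines whose first non-blank character is '#' are
    ignored; a line starting with whitespace continues the previous one.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1]
    return table


def catch_alls(table):
    """Return the wildcard keys (@domain) that make every address valid."""
    return sorted(key for key in table if key.startswith("@"))


def rcpt_verdict(table, rcpt):
    """Simplified RCPT decision: exact address first, then @domain."""
    rcpt = rcpt.lower()
    domain = rcpt.rpartition("@")[2]
    if rcpt in table:
        return "accept: exact entry"
    if "@" + domain in table:
        return "accept: catch-all @" + domain + ", unknown user not rejected"
    return "reject: 550 5.1.1 User unknown in virtual alias table"


if __name__ == "__main__":
    t = parse_map(SAMPLE)
    print(catch_alls(t), rcpt_verdict(t, "nobody@example.com"), sep="\n")
```
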