Hi,
First, sorry if this lacks some detail, dealing with email delivery is not
my normal thing (I generally work more purely in code realms. :P ).
However, I've been assigned to write a milter to deal with backscatter spam
that can be generated by our virtual domain setup, and first I'd like to
verify that's the correct approach, vs something that postfix can already
do, since it has a lot of ways to deal with things like this.
Basic setup: All of our users are stored in LDAP, and we use ldap maps
with postfix.
[EMAIL PROTECTED] conf]$ grep ldap main.cf
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
The problem description I've been given is:
We need a milter that validates RCPT To: content specifically for alias
domains. Currently we automatically accept email for alias domains and
then generate a bounce. This has the potential for backscatter abuse and
we'd like to close this hole for hosed and still be able to offer alias
domains without adding aliases to each account. The problem with alias
domains is we define them as a catchall domain @aliasdomain.com so it
automatically accepts the email for that domain and then does the rewrite
to [EMAIL PROTECTED], if that user doesn't exist it bounces. We want the
milter to reject at rcpt_to time instead of allowing the bounce. My guess
is you'll have to insert it on smtp_recipient_restrictions as opposed to
using the normal milter rules, which normally work on queued mail.
Thanks,
Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
