On Nov 24, 2008, at 1:32 PM, Noel Jones wrote:
This document should be helpful:
http://www.postfix.org/SOHO_README.html
I reviewed this document carefully, but it didn't seem to quite cover
my use case.
Given that, here's what our current virtual tables look like (the
last entry was changed for illustrating the point):
example.net Domain
@example.net @example.org
Don't use "@domain @domain" wildcard mappings. These defeat
recipient validation and turn you into a backscatter source.
Rather use an explicit list of all valid user mappings. Use your
scripting skills to generate the list rather than keeping it by hand.
Okay, I've updated my example to consider this, although the outcome
is the same.
cat /etc/postfix/virtual.cf:
----
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] [EMAIL PROTECTED]
cat transport.cf:
----
example.net relay:[www.xxx.yyy.23]
example.org relay:[www.xxx.yyy.23]
cat relay_recipients.cf:
----
[EMAIL PROTECTED] ok
[EMAIL PROTECTED] ok
And the relevant lines from main.cf:
----
relay_domains = example.org, example.net, example.info
relay_recipient_maps = hash:/etc/postfix/hashmaps/relay_recipients.cf
transport_maps = hash:/etc/postfix/hashmaps/transport.cf
virtual_alias_maps = hash:/etc/postfix/hashmaps/virtual.cf
So the example has been clarified to indicate users that are
"legitimate". This means that messages to them should be forwarded on
to the spam gateway. Everyone else should be bounced. There is *no*
local delivery on this box.
The legitimate users are [EMAIL PROTECTED] and [EMAIL PROTECTED]. [EMAIL PROTECTED]
is a forward to an address that is in the list of valid virtual
users on our local servers, and [EMAIL PROTECTED] is a forward to an
address that is not in the list of valid virtual users on our local
servers.
Sounds as if you need to decide what address class your domain
belongs to. Please see:
http://www.postfix.org/ADDRESS_CLASS_README.html
I reviewed all the entries from both your e-mail and Victor
Duchovni's, and I haven't found any description that quite covers my
case entirely. I can't find an explanation of what happens to a
message that gets virtual aliased and *then* relayed.
[EMAIL PROTECTED] = relays internally, fine
[EMAIL PROTECTED] = relays internally, fine
[EMAIL PROTECTED] = relays internally, fine (to [EMAIL PROTECTED], as
expected)
[EMAIL PROTECTED] = Fails, and does so right in the SMTP session:
550 5.1.1 <[EMAIL PROTECTED]>: Recipient address rejected: User
unknown in relay recipient table
So far, so good. Now, we try:
[EMAIL PROTECTED] = relays internally like the others above.
How can I prevent this from happening? [EMAIL PROTECTED]/org does not
have a valid virtual resolution, and does not exist in
relay_recipient_maps, and yet it's still happily forwarding along
internally.
I only want legitimate users to forward, and the one place I thought I
might be able to filter the list down, relay_recipient_maps, isn't
doing anything to stop him, even though I have a user from each domain
listed, which from what I read in the Postfix docs means it's
inclusive, and only should allow those users to relay, and everyone
else gets a bounce.
Thanks,
George
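
The advice quoted in this message (replace the "@domain @domain" wildcard with explicit per-user mappings, generated by script) is sketched below as an added example; it is not code from the thread or from Postfix. The user names and tables are constructed, and the audit rule that every alias target inside a relay domain must also appear in the relay recipient table is this example's assumption about the intended policy.

```python
import re

def parse_table(text):
    """Parse Postfix lookup-table source lines into (key, [values]) pairs.
    Continuation lines are not handled in this sketch."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        rhs = re.split(r"[,\s]+", parts[1].strip().lower()) if len(parts) > 1 else []
        rows.append((parts[0].lower(), rhs))
    return rows

def expand_wildcard(valid_recipients, alias_domain, target_domain):
    """Replace '@alias_domain @target_domain' with one line per valid user."""
    out = []
    for addr in sorted(a.lower() for a in valid_recipients):
        local, _, domain = addr.rpartition("@")
        if domain == target_domain:
            out.append(f"{local}@{alias_domain} {addr}")
    return out

def audit_virtual(virtual_text, relay_recipients_text, relay_domains):
    """Flag wildcard keys and alias targets in a relay domain that are not listed."""
    valid = {key for key, _ in parse_table(relay_recipients_text)}
    findings = []
    for key, targets in parse_table(virtual_text):
        if key.startswith("@"):
            findings.append((key, "wildcard mapping"))
        elif "@" in key:
            for t in targets:
                if t.rpartition("@")[2] in relay_domains and t not in valid:
                    findings.append((key, f"target {t} not in relay recipients"))
    return findings

# Constructed sample data; the user names are invented for this example.
RELAY_DOMAINS = {"example.org", "example.net"}
RELAY_RECIPIENTS = "alice@example.org ok\nbob@example.org ok\n"
VIRTUAL = """\
example.net Domain
@example.net @example.org
sales@example.net alice@example.org
info@example.net ghost@example.org
"""

if __name__ == "__main__":
    valid = [k for k, _ in parse_table(RELAY_RECIPIENTS)]
    print("\n".join(expand_wildcard(valid, "example.net", "example.org")))
    for key, why in audit_virtual(VIRTUAL, RELAY_RECIPIENTS, RELAY_DOMAINS):
        print(f"{key}: {why}")
```

After writing the generated lines to the table source, rebuild the hash map with postmap.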