Happy new year to all of you ! ;o)
I'm trying to set up a postfix antispam gateway to our mail server. Something looking like:

Internet --> mx1.mydomain.com[my gateway with postfix] --> mx2.mydomain.com

(only MX1 acts as a DNS MX for all emails sent to mydomain.com)

It works pretty well, with the restrictions I planned, but I have two problems I have not been able to solve for some weeks:

1/ relay_recipient_maps seems not to filter emails sent to mx2.mydomain.com (it was postmap'ed). mx2 is contacted to verify if the user email exists instead of looking up into the /etc/postfix/relay_recipients file. Did I miss something?

2/ the most important problem is the mail return message following a non-existing user sending email:

The Postfix program
<no...@mydomain.com>: host mx1.mydomain.com[xx.xx.xx.xx] said: 550 5.1.1
    <no...@mydomain.com>: Recipient address rejected: undeliverable address:
    host mx2.mydomain.com[xx.xx.xx.xx] said: 550 5.1.1 <no...@mydomain.com>:
    Recipient address rejected: User unknown in local recipient table (in reply
    to RCPT TO command) (in reply to RCPT TO command)

For security reasons, is there a way to hide this notification, and say instead something like "User unknown"? Or just notify the first line about mx1 without any mention of mx2?

Thanks in advance for your replies.

Antony

--------------------------------------------------------------------
Here are the configuration files of mx1.mydomain.com

# cat main.cf
invalid_hostname_reject_code = 550
multi_recipient_bounce_reject_code = 550
non_fqdn_reject_code = 550
unknown_sender_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 550
unverified_recipient_reject_reason = Address lookup failed !
show_user_unknown_table_name = no
smtpd_banner = Mailbox Machine
biff = no
disable_vrfy_command = yes
smtpd_helo_required = yes
append_dot_mydomain = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
myorigin = mydomain.com
mynetworks = 127.0.0.0/8
parent_domain_matches_subdomains = debug_peer_list, smtpd_access_maps
relay_recipient_maps = hash:/etc/postfix/relay_recipients
relay_domains = mydomain.com
transport_maps = hash:/etc/postfix/transport
show_user_unknown_table_name = no
virtual_alias_maps = hash:/etc/postfix/virtual
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_helo_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unverified_recipient,
    reject_invalid_helo_hostname,
    reject_unlisted_recipient,
    check_recipient_maps,
    reject_unlisted_sender,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    check_policy_service inet:127.0.0.1:60000,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
smtpd_end_of_data_restrictions =

# cat virtual
postmaster ad...@mydomain.com
abuse ad...@mydomain.com
root ad...@mydomain.com

# cat relay_recipients
to...@mydomain.com xx

# cat transport
mydomain.com smtp:[mx2.mydomain.com]
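
Added example, not part of the original post: a small audit of the recipient checks on a gateway laid out like the one above. Postfix evaluates smtpd_recipient_restrictions in order, reject_unverified_recipient asks verify(8) to probe the next hop, and reject_unlisted_recipient consults the local recipient tables such as relay_recipient_maps, so the order decides whether the internal server is contacted at all. The function names and the sample main.cf are constructed for illustration.

```python
import re

# Constructed main.cf excerpt, using the parameter names from the post.
SAMPLE_MAIN_CF = """\
relay_domains = mydomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# recipient checks are evaluated left to right, first match wins
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient, reject_unverified_recipient,
    reject_unlisted_recipient, permit_mynetworks,
    reject_unauth_destination, reject_rbl_client zen.spamhaus.org, permit
"""

PROBE = "reject_unverified_recipient"   # asks verify(8) to probe the next hop
TABLE = "reject_unlisted_recipient"     # consults relay_recipient_maps locally


def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current is not None:
            params[current] = (params[current] + " " + line.strip()).strip()
        else:
            name, _, value = line.partition("=")
            current = name.strip()
            params[current] = value.strip()
    return params


def audit_recipient_checks(params):
    """Return findings about where recipient validity is decided."""
    raw = params.get("smtpd_recipient_restrictions", "")
    tokens = [t for t in re.split(r"[,\s]+", raw) if t]
    findings = []
    if not params.get("relay_recipient_maps"):
        findings.append("relay_recipient_maps is empty: no local list of valid relay recipients")
    if PROBE in tokens:
        # Assumption of this sketch: if TABLE is not listed, treat it as coming after PROBE.
        table_pos = tokens.index(TABLE) if TABLE in tokens else len(tokens)
        if tokens.index(PROBE) < table_pos:
            findings.append(f"{PROBE} runs before {TABLE}: the next hop is probed first")
    return findings


if __name__ == "__main__":
    for finding in audit_recipient_checks(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARN", finding)
```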