Hello,
I don't want my mail queue to fill due to fake mail (spam) so I'd like to
reject as much mail as I could at the smtp stage (avoiding mail entering
into my queues). My setup is multi-domain (vdomains) and it's working
reasonably well for my hosted domains ("real") but not for those being
"aliased". The problem (I guess) if that I'm using "wide" aliasing so I
have an alias table (virtual_alias_maps) of the form:
@aliasdomain.com @realdomain.com
(no users are being especified).
So all possible recipients at aliasdomain.com are being taken as
"existing", and thus not being rejected by reject_unlisted_recipient rule.
This is expected behaviour (I guess), but I'm wondering whether there is
any elegant way to solve the problem without having to create one-to-one
aliases such as: us...@aliasdomain.com us...@realdomain.com,
us...@aliasdomain.com us...@realdomain.com, etc.
Do you know a cute way to solve this? Thank you.
PD: "postconf -n" attached:
===
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
delay_warning_time = 4
disable_vrfy_command = yes
mail_name = mxhs
mailbox_command = procmail -a "$EXTENSION"
message_reject_characters = \0
message_size_limit = 28311552
mydestination = $myhostname localhost localhost.$mydomain
myhostname = mx.mydomain.com
mynetworks = 127.0.0.2, 127.0.0.3
myorigin = $myhostname
recipient_delimiter = +
relay_domains = hash:/etc/postfix/listas hash:/etc/postfix/mxbackup
relocated_maps = hash:/etc/postfix/relocated
show_user_unknown_table_name = no
smtp_bind_address = <undisclosed>
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
permit_mynetworks,
reject_authenticated_sender_login_mismatch,permit_sasl_authenticated,
reject_unauth_destination, reject_unlisted_recipient,
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = $virtual_mailbox_maps
smtpd_tls_cert_file = /etc/ssl/certs/mail.mydomain.com.crt
smtpd_tls_key_file = /etc/ssl/private/mail.mydomain.com.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/listas
virtual_alias_maps = mysql:/etc/postfix/valias.mysql
virtual_mailbox_domains = mysql:/etc/postfix/vdomain.mysql
virtual_mailbox_maps = mysql:/etc/postfix/vuser.mysql
virtual_transport = lmtp:unix:/private/cyrus
===
--
Saludos,
-Roman
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
