Noel Jones escribió:
> Roman Medina-Heigl Hernandez wrote:
>> Hello,
>>
>> I don't want my mail queue to fill due to fake mail (spam) so I'd like to
>> reject as much mail as I could at the smtp stage (avoiding mail entering
>> into my queues). My setup is multi-domain (vdomains) and it's working
>> reasonably well for my hosted domains ("real") but not for those being
>> "aliased". The problem (I guess) if that I'm using "wide" aliasing so I
>> have an alias table (virtual_alias_maps) of the form:
>> @aliasdomain.com @realdomain.com
>> (no users are being especified).
>
> Wildcards break recipient validation.
>
>>
>> So all possible recipients at aliasdomain.com are being taken as
>> "existing", and thus not being rejected by reject_unlisted_recipient
>> rule.
>> This is expected behaviour (I guess), but I'm wondering whether there is
>> any elegant way to solve the problem without having to create one-to-one
>> aliases such as: us...@aliasdomain.com us...@realdomain.com,
>> us...@aliasdomain.com us...@realdomain.com, etc.
>>
>> Do you know a cute way to solve this? Thank you.
>
> Use 1-1 mappings. Use a little script and a Makefile to let the
> computer build the aliased domain from the real domain list you already
> maintain. Size of the table is not an issue.
>
> Your postconf output looks OK.
Yes, all tasks can usually be automatized but sometimes it's good to
simplify things. I don't know much about postfix internals, I suppose this
is a design decission, I mean, aliases are "resolved" at later stages, but
perhaps it could be good to have a simple check at the smtp stage in a way
that if all targets of a given alias entry are local domains, then Postfix
would evaluate $local_recipient_maps against those local domains. Same
apply for other classes (such as virtual by checking
$virtual_mailbox_maps). Of course if an alias points to another alias, this
second alias could be resolved in the same way. In other words, the idea is
to resolve the alias entry until you reach a point were you cannot know
which users do a domain have for sure so the only choice is to add the mail
to queue and let the other postfix subprocesses makes their job.
If all final recipients can be checked against its corresponding map (i.e.
you know for sure if they exist or not), reject_unlisted_recipient will be
honored. If not, let the mail drop into the queue (for instance if you have
an alias to an external domain; or if you have a mix of destination domains
related to one alias entry: "hosted" and external, eg).
I think it makes sense... and it could be an useful feature. It would be
nice if Wietse could comment on this.
--
Saludos,
-Roman
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
