Re: Receive all for postmaster

Thu, 12 Mar 2009 16:31:44 -0700 

Sergey a écrit :
> Hello.
> 
> First of all, sorry for my poor english.
> 
> How can I cofigure my postfix to receive all messages for postmaster and
> not apply smtpd_*_restrictions for it? Currently I see in my log:
> 
> Mar 12 09:18:17 zero postfix/smtpd[31761]: NOQUEUE: reject: RCPT from
> unknown[94.121.227.110]: 450 4.7.1 Client host rejected: cannot find
> your reverse hostname, [94.121.227.110]; from=<romu...@xspand.com>
> to=<postmas...@mydomain.com> proto=ESMTP helo=<[94.121.227.110]>
> 

This is spam. why would you want to accept it?
- IP is listed in spamhaus, spamcops, ...
- helo is a literal. even if you want to accept this, you can still
reject it from an "unknown" client.

anyway, to accept mail for postmaster, simply add
        check_recipient_access hash:/etc/postfix/whitelist_recipient

== whitelist_recipient
postmas...@example.com          OK
spamlo...@example.com           OK

you need to add this before checks that would reject the message, and
you need to do this in every smtpd_*_restrictions. you can make your
life easier by moving anti-spam checks to smtpd_recipient_restrictions.
This way you won't need to repeat this (nor permit_* checks).

if you only want this in case of no rdns, add it before
reject_unknown_reverse_client_hostname (which I don't use as I am not
sure this is safe).

> Most often this is spam, but sometimes the valid emails are rejected too.
> 
> That's part of my main.cf
> 
> ...
> disable_vrfy_command = yes
> 
> smtpd_helo_required = yes
> 
> smtpd_helo_restrictions =
>                 permit_mynetworks,
>                 check_helo_access hash:/usr/local/etc/postfix/helo_access,
>                 reject_non_fqdn_helo_hostname,
> 
> smtpd_sender_restrictions =
>                 permit_mynetworks,
>                 check_sender_access
> hash:/usr/local/etc/postfix/sender_access,
>                 check_sender_mx_access
> cidr:/usr/local/etc/postfix/bogus_mx,
>                 reject_non_fqdn_sender,
>                 reject_unknown_sender_domain
> 
> smtpd_recipient_restrictions =
>                 permit_mynetworks,
>                 reject_unauth_destination,
>                 check_client_access
> hash:/usr/local/etc/postfix/client_access,
>                 reject_unknown_reverse_client_hostname,
>                 check_recipient_access
> hash:/usr/local/etc/postfix/recipient_access,
>                 reject_non_fqdn_recipient,
>                 reject_unverified_recipient,
>                 reject_rbl_client web.dnsbl.sorbs.net,
>                 reject_rbl_client dul.dnsbl.sorbs.net,
>                 reject_rbl_client bl.spamcop.net,
>                 reject_rbl_client zen.spamhaus.org
> 
> Thank you.

Reply via email to