On Sun, Mar 17, 2024 at 8:49 PM Viktor Dukhovni via Postfix-users
<postfix-users@postfix.org> wrote:
> > > Add "local.invalid local" to the transport(5) table,  and rewrite
> > > anything that needs local(8) delivery to mailbox@local.invalid.
> >
> > I honestly re-read the above sentence several times and have no clue
> > what it means nor why to do it. "local.invalid" is not something I've
> > come across.
>
> It is a reserved domain name (one of many) that you can use internally,
> without clashing with *real domains*.

Wow. Once you KNOW it's there, you can find out about "local.invalid".
BUT if you didn't know it was there, finding out about "local.invalid"
would be difficult.

> But you're looking at the problem from the wrong end, just asking for
> magic recipes whose quality you cannot assess, because you've not
> studied the available mechanisms.  The more productive approach is
> to take the time to understand all of
>
>         OVERVIEW
>         ADDRESS_REWRITING_README
>         VIRTUAL_README

In an ideal world, you'd be correct. I'd spend the next month
understanding Postfix from the inside out... Alas I've got to get this
new machine up and emails switched over by this Friday and I *AM*
looking for direct, simple "DO THIS" for:

What files / configs do I need to set up so that I can generate a list
of virtual and local email addresses to be blocked?

Based on "local.invalid" knowledge from Viktor, am I correct that
entering the following line in virtual would block that email address?
    user@some.domain   user@local.invalid

????

> See the access control docs, but also note that:
>
>     - In a virtual alias domain (if you configure any), all names not
>       mapped to some recipient in another domain are rejected.

For virtually hosted domains is there any way to "rewrite" any email
address to a specific email? e.g.
    @some.domain     user@another.domain

I know, not ideal but I need it.

>     - You can reject SMTP recipients via various restriction checks
>       that perform access(5) lookups against tables of your choice.

How can I do it not based on the network or domain name but a specific
u...@domain.name?

>     - You can route some recipients to the error(8) transport, and
>       this will also lead them to be rejected at SMTP time.

I DID look it up. How do I do this? I don't see a way to use error(8)
table to do it.

> > If I have many lines in virtual mapping several email addresses for a
> > hosted domain, then is it automatic that every other email address
> > (not listed there) will be rejected?
>
> Only for virtual alias domains, for other domains, you may need
> a separate valid recipient table, see:
>
>     https://www.postfix.org/ADDRESS_CLASS_README.html

> Because you're looking to cargo-cult recipes, in lieu of understanding
> the facilities at your disposal.  The Sendmail virtuser table is an
> amalgam of many features, which in Postfix are handled at different
> layers, by separate tables.  I am recommending understanding over
> parroting.  Perhaps someone else can help with parroting... :-(

As I said, I just don't have the time to understand all of the
facilities at my disposal. I truly just need cargo-cult recipes.
Sorry, but it's a fact of life for me today.


> The transport resolves a recipient to a delivery agent and nexthop.
> The error(8) delivery agent is special, and recipients that route
> there are also rejected during SMTP input, not just after queueing
> (which would be a bounce).  The access(5) table syntax is used in
> various SMTP "restrictions", see:
>
>     https://www.postfix.org/SMTPD_ACCESS_README.html#lists
>
> > TRANSPORT seems to allow only a domain name without a user@ portion on
> > the LHS. This doesn't seem to apply to my query.
>
> No, it also supports user@domain.

It sure would be nice if that was in that man page!

> > ACCESS seems to allow only a domain name or IP (again, without a
> > user@) on the LHS. This doesn't seem to apply to my query.
>
> No, it also supports user@domain.

It sure would be nice if that was in that man page!

> > As for ERROR, ok... it's a delivery agent that will return an error
> > code (e.g. to bounce the incoming message), but.. how do I get
> > "user@some.domain" to be delivered to the "error" agent?
>
> By mapping a user to the error transport.

Oh, PLEASE... just tell me how to map a user to the error transport...

PLEASE.... ANYONE... I need some examples to do these things. This is
not a business, and I've got very little time left to set this dang
new system up for family and friends.

> > In Postfix, how do I configure Postfix such that all email to
> > "user@some.domain" will return an error code (e.g. 550 user unknown)
> > to bounce that email????
>
> Reject is always better than "bounce".  The answer is to use
> "check_recipient_access" against a suitable access(5) table of your
> choice.  But, you can also bounce if the recipient is submitted locally
> or results from a rewrite, and for that you need the error(8) transport.
>
> But even better, is to not include the invalid recipient in either the
> valid recipient list of the domain's address class or in the virtual(5)
> alias table.  More details are in the docs.

I will try to understand the above a bit better. BUT in the
meantime... I have zero intention of including any u...@domain.name
anywhere except where it will be rejected. I'll have some users
explicitly rewritten to someuser@some.domain while I'll have others
that just need to be rejected. Never a user in both sets!

Glenn
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
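
The three mechanisms named in the quoted replies (an access(5) table checked by check_recipient_access, a virtual(5) catch-all, and a transport(5) entry routed to error(8)), put together as an added example that is not part of the original message or the Postfix documentation. The /etc/postfix paths, the table file name recipient_access, and the addresses blocked@, other@, alice@ and retired@ are assumptions made for illustration.

```conf
# ---- /etc/postfix/main.cf (additions; path is an assumption) ----
# Keep whatever restrictions are already configured and add the lookup
# to that list instead of replacing it.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/recipient_access
# A virtual alias domain must not also be listed in mydestination.
virtual_alias_domains = some.domain
virtual_alias_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/recipient_access : access(5) table ----
# Keys may be a full user@domain. The recipient is refused at RCPT TO,
# so the message is never queued and no bounce is generated.
blocked@some.domain     REJECT User unknown
other@some.domain       550 5.1.1 User unknown

# ---- /etc/postfix/virtual : virtual(5) table ----
# Explicit mapping for one address (constructed sample).
alice@some.domain       someuser@another.domain
# Catch-all: every other address in the domain. A user@domain entry
# takes precedence over the @domain entry. With a catch-all present,
# nothing in the domain is "unlisted" any more, so blocked addresses
# must be refused by the access table above.
@some.domain            user@another.domain

# ---- /etc/postfix/transport : transport(5) table ----
# Keys may also be a full user@domain. The text after "error:" is
# returned to the sender. Virtual alias rewriting is applied before
# queued mail is routed, so with the catch-all above in place a queued
# message to this address is rewritten first; the entry is intended for
# addresses that no virtual(5) entry rewrites.
retired@some.domain     error:5.1.1 User unknown

# ---- after editing: rebuild the lookup tables, then reload ----
# postmap /etc/postfix/recipient_access
# postmap /etc/postfix/virtual
# postmap /etc/postfix/transport
# postfix reload
```

A quick check before switching mail over: "postmap -q blocked@some.domain hash:/etc/postfix/recipient_access" should print the REJECT action, and an SMTP test session should get the 5xx reply at RCPT TO.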
