On 2025-01-23 at 10:01:13 UTC-0500 (Thu, 23 Jan 2025 16:01:13 +0100)
Gerben Wierda via Postfix-users <gerben.wie...@rna.nl>
is rumored to have said:

> I was wondering, suppose I have a user like this:
>
> f...@bar.com is the account name
> foo.lastn...@bar.com is the incoming alias and the outgoing canonical
>
> Could I force incoming mail to accept the alias form, but not accept the 
> account form? I.e. f...@bar.com as address is blocked, but 
> foo.lastn...@bar.com is accepted and delivered to f...@bar.com

I landed on that by accident many years ago...

Since you are using system accounts, it is quite straightforward. With system 
accounts, by default the canonical fully-qualified address is 
u...@hostname.example.com BUT the FQDN domain part is just the default for bare 
usernames.

Set the server's hostname (and by default postfix's myhostname) to a FQDN 
(ideally one which is not resolvable in public DNS but is resolvable locally, 
either as a hosts file entry or in an internal DNS view.) By default that is 
also mydestination. Make the base domain that you want to have mailable 
addresses a virtual alias domain. In your virtual alias map, you can then map 
all of the names in the mailable domain (i.e. example.com) that you want to be 
deliverable to the bare usernames. If you use a regexp or pcre map, you can 
also give your users ad hoc single-use email addresses using any pattern you 
want, not just '+' tagging. If you do not map the simplest address 
(u...@example.com) and if there's no way for clients to resolve the internal 
hostname, the hypothetically canonical address "u...@hostname.example.com" 
isn't useful to spammers. Even if you leave the FQDN resolvable to the world, 
spammers are not going to guess hostnames and add them to addresses.

I also use a bigger ad hoc alias mechanism with user-specific "hostnames" that 
exist only to route mail, but that is not really justified for most users.

> The spammers that send to my systems use the account form (and not the 
> alias/canonical) a lot, that's why I'm asking

I feel your pain. For a long time I used a simple address in public places like 
Usenet. It's on a lot of spammer lists. It's still mailable in principle, but 
it has such severe spam filtering that even if I still gave it out, many people 
would find it undeliverable. It hasn't been "real" since ~2001.

> I can of course create a new account form (a...@bar.com) and use 
> aliases/canonicals on that, but that might not take hold in the long term and 
> I would have to let users change their auth settings (which now is user 'foo' 
> and 'password')

That's helpful because they won't need to change the domain part of their 
account name, which they would if they were using u...@example.com.


-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
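
The setup described in the reply above, sketched as Postfix configuration. This is an added example, not part of the original message or from its author. The hostname mail-internal.example.com, the file paths and the single-use address pattern are assumptions; user foo and domain example.com are placeholders as in the thread.

```cfg
# /etc/postfix/main.cf (example values; the hostname is hypothetical)
# FQDN of the server, ideally resolvable only internally.
myhostname = mail-internal.example.com
# Bare usernames are qualified with this domain (the default is $myhostname).
myorigin = $myhostname
# Postfix default, written out: example.com itself is NOT a local domain.
mydestination = $myhostname, localhost.$mydomain, localhost
# The mailable domain is a virtual alias domain: only mapped addresses exist.
# It must not also appear in mydestination.
virtual_alias_domains = example.com
virtual_alias_maps = hash:/etc/postfix/virtual, pcre:/etc/postfix/virtual.pcre

# /etc/postfix/virtual (run "postmap /etc/postfix/virtual" after editing)
# Public alias form -> bare username, which is qualified with $myorigin
# and delivered to the system account foo.
foo.lastname@example.com    foo
# There is no entry for foo@example.com, so mail to the account form is
# rejected with "User unknown in virtual alias table".

# /etc/postfix/virtual.pcre (hypothetical single-use address pattern)
# Matches foo.lastname-<tag>@example.com, e.g. foo.lastname-shop42@example.com
/^foo\.lastname-[a-z0-9]+@example\.com$/    foo
```

After `postfix reload`, `postmap -q foo.lastname@example.com hash:/etc/postfix/virtual` should print `foo`, while the same query for `foo@example.com` prints nothing.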
