Terry L. Inzauro wrote:
Noel Jones wrote:
Terry L. Inzauro wrote:
List,
I operate a backup mx for one of my customers. In doing so, I have run
into an issue where I must accept all email regardless
of weather or not the messages is destined for a valid email account
in my customers email system (which is MS Exchange 2003).
I thought about asking my customer is they would export a list of
email addresses for which they want backup MX service for
so I can place that in a relay_recipient_map, but that process
requires ongoing admin time and might not appeal to them.
If their system rejects unknown recipients during SMTP, you can use the
reject_unverified_recipient feature to let postfix manage the valid
recipient list for you.
Do this inside a check_recipient_access map to limit the address probes
to only this domain.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
The majority of the junk mail I am seeing is in the form of From:
u...@domain and RCPT: u...@domain which is obviously
forged. Would a header_check be the way to go here in order to match
and discard the junk mail in this case? If so, what
would the pcre check look like?
header_checks examines one header at a time, so you can't compare From:
<> To:.
You can use a policy server such as postfwd to compare envelope sender
vs. recipient, or a content_filter such as spamassassin to compare the
headers.
I understand that legitimate users wouldn't be able to send themselves
email, but that fine with me.
-- Noel Jones
I like the idea of verifying addresses, but this stuck out.
<snip from the "Postfix Address Verification Howto">
WARNING
The sender/recipient address verification feature described in this document is
suitable only for low-traffic sites. It
performs poorly under high load; excessive sender address verification activity
may even cause your site to be blacklisted by
some providers. See the "Limitations" section below for details.
</snip>
------------------
what does the author consider as being low traffic?
Whatever the performance of address verification, it will beat
the dickens out of accepting and bouncing undeliverable mail.
-- Noel Jones
