On Thu, May 13, 2010 at 8:19 PM, Nataraj <incoming-post...@rjl.com> wrote:
> Noel Jones wrote:
>>
>> On 5/12/2010 1:56 AM, Aniruddha wrote:
>>>
>>> Hi,
>>>
>>> I have set up postfix with a mail_transport to Zarafa. To fix a
>>> 'Recipient address rejected: User unknown in local recipient table'
>>> error I have to put an empty 'local_recipient_maps =' in postfix's
>>> main.cf.
>>
>> The correct solution is to point that parameter at a map containing all
>> your valid users.
>>
>> Often this is caused by listing a virtual_mailbox_domain in mydestination.
>> Don't do that.
>>
>>
>>> I do wonder about the security implications of setting this
>>> option. If I understand the documentation correctly it isn't wise to
>>> set this option to empty. Is this correct? Besides the information
>>> below I can't find much information about this option. Thanks in
>>> advance!
>>
>> Accepting mail for undeliverable recipients will cause postfix to send
>> non-delivery notices -- bounces -- to the reported envelope sender.
>>
>> The envelope sender on spam is frequently either a non-working address or
>> an innocent third party.
>>
>> This has two results; your queue is filled with undeliverable bounces, and
>> you send bounces to innocent third parties. The full queue will badly
>> affect delivery of legit mail, and the backscatter you send to innocent
>> people will get you blacklisted.
>>
>> Rejecting the mail during the initial SMTP session avoids these problems.
>>
>> -- Noel Jones
>
> Postfix provides many different mechanisms to access different formats of
> tables and/or define policy agents that can check things like this, even if
> the database is part of another software package. For example, I have my
> user database in the vpostmaster package and my smtpd_recipient_restrictions
> include (directly after the permit_sasl_authenticated and
> permit_mynetworks),
>
>     check_recipient_access proxy:pgsql:/etc/postfix/vpm_recipient_access
>
> The file vpm_recipient_access contains a single rather complex nested
> postgres sql statement which checks the database and verifies both the
> existence of the domain and username on the local mail server. It then
> returns DUNNO if the recipient address is valid or "REJECT No such domain
> %d" or "REJECT No such user %u in domain %d". You could also, of course,
> implement this with simple Berkeley DB files, or by writing a policy agent.
>
> Previously the vpostmaster policy daemon was validating the recipients,
> however I moved this into the postfix sql interface because it is much
> faster and causes sooner rejection of bad recipients in the smtpd session,
> increasing the performance of my mail server.
>
> Nataraj

Thanks for the help! I understand that the main risk of setting 'local_recipient_maps =' to empty is bouncing unsolicited messages back to (spoofed) domains, which gets you blacklisted. In the end I fixed this by pointing postfix to the mysql database where the user information is stored. Thanks again.
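
The two misconfigurations raised in this thread (an explicitly empty local_recipient_maps, and a domain listed in both mydestination and virtual_mailbox_domains) can be checked for in a main.cf. The following is an added example, not code from any participant in the thread or from Postfix; the sample configuration and its domains are constructed placeholders.

```python
import re

# Constructed main.cf for illustration; domains are placeholders, not from the thread.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
mydestination = $myhostname, localhost,
    example.com
# comment lines are ignored, even inside a multi-line value
virtual_mailbox_domains = example.com, example.org
local_recipient_maps =
"""

def parse_main_cf(text):
    """Return {parameter: value}; whitespace-led lines continue a value, last assignment wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            if current is not None:
                params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, sep, value = line.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]

def audit(text):
    """Flag the two misconfigurations discussed in the thread ($name references are not expanded)."""
    params = parse_main_cf(text)
    findings = []
    # Only an explicitly empty value disables the check; an unset parameter keeps the default.
    if params.get("local_recipient_maps") == "":
        findings.append("local_recipient_maps is empty: unknown local recipients are accepted and bounced later")
    local = set(split_list(params.get("mydestination", "")))
    virtual = set(split_list(params.get("virtual_mailbox_domains", "")))
    for domain in sorted(local & virtual):
        findings.append(f"{domain} is listed in both mydestination and virtual_mailbox_domains")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF):
        print("WARNING:", finding)
```

To check a live system, pass the contents of the real main.cf to audit() instead of the sample string.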