On 9/2/2010 10:08 PM, Jean-Yves Avenard wrote:
Hi there.
On 3 September 2010 12:24, Noel Jones<njo...@megan.vbhcs.org> wrote:
recipient_canonical_maps = pcre:/etc/postfix/canonical
Careful, wildcard *canonical_maps defeat recipient validation.
This is what it contains:
/^(reg)-(.+)-(.+)@(.+)/ $...@${4}
This tells postfix to accept any re...@* address, for any
domain postfix accepts mail for. If postfix can't deliver to
the computed recipient, it will be bounced. Not good. Worst
case: your server is blacklisted as a backscatter source and
your queue is so clogged with undeliverable mail that it takes
hours to deliver legit mail.
You may be able to minimize the problem by using
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unverified_recipient
... other local rules ...
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
but that's just lipstick on a pig.
The real solution is to make sure your canonical maps (and
virtual_alias_maps) only match deliverable recipients.
It's the postfix that ships with macos server, it looks like they did
everything they could to block outlook client (starting by disabling
port 465)
You can add smtps support to master.cf pretty easily.
465 inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o
smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=
-- Noel Jones
