/dev/rob0:
> On Wed, Sep 11, 2013 at 01:23:01PM +0200, Zel Uneec wrote:
> > This is my problem/question: I have multiple domains on my mail
> > server running postfix (adn dovecot), with LDAP based user
> > accounts. When someone "from outside" (that is: not from my
> > domains) sends mail to a user that does not exist, he gets a bounce
> > message that the given mail account/user does not exist on server.
>
> No, not from your server, anyway. Your server rejects the mail from
> the remote client, and that MTA generates the bounce for their own
> user.
>
> > But, when someone "from inside" (from one of my domains) tries to
>
> "From one of my domains"? Do you mean from your networks?
>
> > send mail to non existing user, he is not able to send e-mail, and
> > mail clients give him reject code (some with explanation that
> > account/user does not exist, some with no explanation).
> >
> > What I want to do is to set postfix to let those "inside" mails
> > pass too, and then recive bounce mail with note that user does
> > not exist
>
> This is what happens if permit_mynetworks precedes any other
> reatrictions you may have set.
It is slightly different. The "user unknown" test is enabled by
default:
Built-in default:
smtpd_reject_unlisted_recipient = yes
With this, there is an implicit reject_unlisted_recipient
that is enforcedi for all clients.
To accept mail from local clients to unknown recipients, while
blocking mail from remote clients to unknown recipients, you
have to specify the reject_unlisted_recipient explicitly.
/etc/postfix/main.cf:
smtpd_reject_unlisted_recipient = no
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unlisted_recipient
...
reject_unauth_destination
...
It's is very easy to screw this up and become a backscatter source.
That is why "smtpd_reject_unlisted_recipient = no" is not the default
setting.
http://www.postfix.org/postconf.5.html#smtpd_reject_unlisted_recipient
http://www.postfix.org/postconf.5.html#reject_unlisted_recipient
Wietse
