On Wed, Feb 12, 2014 at 02:46:38PM +0100, Daniel Pocock wrote:

> On 12/02/14 14:12, Wietse Venema wrote:
> > Daniel Pocock:
> >> I'm trying to work out what is a sensible configuration for servers
> >> without local delivery.
> > http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client
> 
> I'm familiar with that, it is almost what I want
> 
> The key difference is that I want to be more restrictive about
> usernames that are accepted

A null client is often configured to have no SMTP listener at all,
or to listen only on 127.0.0.1 and/or ::1.  In which case you
generally don't need any restrictions on recipient addresses.

To reject recipients mis-addressed to the machine:

        relayhost = [mail.$mydomain]
        myorigin = $mydomain
        mydestination = $myhostname, localhost.$mydomain
        alias_database =
        alias_maps =
        local_transport = error:5.1.2 Invalid recipient domain
        ...

> > There is no need to do that. All mail will have u...@example.org
> > as the sender address. If it bounces then it is not sent back
> > to the machine where it came from.
> 
> I was referring to the recipient addresses, not sender addresses

As was Wietse, but the sender address becomes the recipient address
when mail bounces.  If that is also targeted at the machine,
what plausible source of user@hostname mail do you envision?

> What I'm hoping for is that senders will get immediate feedback (e.g.
> mail command will fail or SMTP refused) if they invoke something like
> 
>     mail -s 'test' foobar

This will be delivered to foobar@$mydomain.

>     mail -s 'test' foobar@$HOSTNAME

This will bounce back to the remote mailbox of the sending user.

The mail(1) command is a wrapper around sendmail(1), which does
not (and should not) impose any recipient-address dependent access
controls at time of submission.

> but that the mail will be relayed (null client config) if they do things
> like this:
> 
>    mail -s 'test' root

This will work.

>    mail -s 'test' postmaster@$HOSTNAME
>    mail -s 'test' daniel@localhost

These generally bounce, but you can add suitable rewriting rules.

-- 
        Viktor.
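
Added example, not part of the message above and not Postfix code: a simplified Python model of how the quoted main.cf settings classify the five recipients discussed in the thread. The host and domain names are constructed, the function names are hypothetical, and it assumes append_at_myorigin and append_dot_mydomain are both "yes".

```python
# Added illustration: a simplified model, not Postfix source code.
MYDOMAIN = "example.org"            # constructed sample value
MYHOSTNAME = "web1.example.org"     # constructed sample value

# Settings taken from the main.cf fragment in the message.
MYORIGIN = MYDOMAIN
MYDESTINATION = {MYHOSTNAME, "localhost." + MYDOMAIN}
LOCAL_TRANSPORT = "error:5.1.2 Invalid recipient domain"
RELAYHOST = "[mail." + MYDOMAIN + "]"

# Assumption: append_dot_mydomain = yes (append_at_myorigin = yes is
# modelled unconditionally in canonicalize()).
APPEND_DOT_MYDOMAIN = True


def canonicalize(rcpt):
    """Complete a bare user or a dotless domain into user@fqdn."""
    local, at, domain = rcpt.rpartition("@")
    if not at:
        # "user" becomes "user@$myorigin"
        local, domain = rcpt, MYORIGIN
    elif "." not in domain and APPEND_DOT_MYDOMAIN:
        # "user@host" becomes "user@host.$mydomain"
        domain = domain + "." + MYDOMAIN
    return local + "@" + domain.lower()


def route(rcpt):
    """Return (rewritten address, action, detail) for one recipient."""
    addr = canonicalize(rcpt)
    domain = addr.rpartition("@")[2]
    if domain in MYDESTINATION:
        # Local address class: handed to local_transport, here error(8),
        # so the message is returned to the sender as undeliverable.
        return addr, "bounce", LOCAL_TRANSPORT.partition(":")[2]
    # Every other domain leaves through the relayhost.
    return addr, "relay", RELAYHOST


if __name__ == "__main__":
    for rcpt in ("foobar", "foobar@" + MYHOSTNAME, "root",
                 "postmaster@" + MYHOSTNAME, "daniel@localhost"):
        print("%-32s -> %s" % (rcpt, route(rcpt)))
```

The model only covers address completion and the mydestination check; the bounce itself happens after sendmail(1) has accepted the message into the queue, not at submission time.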
