Hello, I'm trying to prevent my testing postfix installation 2.8.4 from being
abused by emails that will go to the root@localhost email address.
I found out that it receives these messages accidentally, when I
tested my configuration.
The root@localhost must be accessible, when the mail comes from localhost
machine and not be accessible from the rest of the world - that's clear.
My server will receive email from many virtual domains.
I believe the right cfg place is smtpd_recipient_restrictions where I have
this:

smtpd_recipient_restrictions = permit_mynetworks,
    check_recipient_access hash:/etc/postfix/block_localhost,
    permit_sasl_authenticated,
    permit_auth_destination,
    reject

block_localhost:
----------------------------------
root@localhost REJECT
root@localhost.mydomain REJECT

mynetworks = x.x.x.x/x x.x.x.x/x x.x.x.x/x 127.0.0.1 10.0.0.0/22

According to the debug of the smtpd process, the restriction in
block_localhost file does not match the root@localhost key, but it matches
the root@localhost.$mydomain. This must be (doc says) because it's after
the rewrite process.
Questions:
---------------
1) is smtpd_recipient_restrictions the right place for such a restriction?
Any other documents I should read? (already tried google,
http://ubuntuforums.org/showthread.php?t=2250363,
http://archive.groovy.net/z-portal/postfix/faq.html#some_local, ...)
2) when I came from the outside world, the restriction worked:

...
250 DSN
mail from: <root@localhost>
250 2.1.0 Ok
rcpt to: <root@localhost>
554 5.7.1 <root@localhost>: Recipient address rejected: Access denied

but when I came from 127.0.0.1, the mail was received - why exactly? But
this is the behaviour I expected and wanted - that's OK. But I'm afraid of
some misunderstanding of something...

mail from: <root@localhost>
250 2.1.0 Ok
rcpt to: <root@localhost>
250 2.1.5 Ok

3) do I have a chance to place the restriction table before the rewrite
process, so it would match the original root@localhost address? Where/how?
Thank you
Best regards, Tomas
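
Added example, not part of the original post and not Postfix code: a simplified Python model of how the restriction list quoted above is walked in order with the first decisive result winning, which is why a client in mynetworks never reaches the block_localhost lookup. Assumptions: example.com stands in for $mydomain, 203.0.113.5 is a constructed outside client, the x.x.x.x/x entries elided in the post are left out, and LOCAL_DOMAINS is a hypothetical stand-in for the server's authorized destinations.

```python
import ipaddress

MYDOMAIN = "example.com"  # constructed placeholder for $mydomain
# Only the concrete mynetworks entries from the post; x.x.x.x/x stays elided.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.0.0.0/22")]
# Both keys from the post's block_localhost table.
BLOCK_LOCALHOST = {
    "root@localhost": "REJECT",
    "root@localhost." + MYDOMAIN: "REJECT",
}
LOCAL_DOMAINS = {"localhost." + MYDOMAIN}  # hypothetical authorized destinations


def rewrite(addr):
    """Model of the rewrite step: append $mydomain to a dot-less domain part."""
    user, _, domain = addr.partition("@")
    if "." not in domain:
        domain = domain + "." + MYDOMAIN
    return user + "@" + domain


def check_recipient(client_ip, rcpt, sasl=False):
    """Return (restriction_name, result) for the first restriction that decides."""
    rcpt = rewrite(rcpt)  # lookups see the rewritten address, as the post observed
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.split("@", 1)[1]
    steps = [
        ("permit_mynetworks",
         lambda: "OK" if any(ip in net for net in MYNETWORKS) else None),
        ("check_recipient_access", lambda: BLOCK_LOCALHOST.get(rcpt)),
        ("permit_sasl_authenticated", lambda: "OK" if sasl else None),
        ("permit_auth_destination",
         lambda: "OK" if domain in LOCAL_DOMAINS else None),
        ("reject", lambda: "REJECT"),
    ]
    for name, rule in steps:
        result = rule()
        if result is not None:  # None means "no decision, try the next one"
            return name, result


if __name__ == "__main__":
    for ip, sasl in (("127.0.0.1", False), ("203.0.113.5", False),
                     ("203.0.113.5", True)):
        print(ip, "sasl" if sasl else "anon",
              check_recipient(ip, "root@localhost", sasl))
```

In this model the table lookup sits ahead of permit_sasl_authenticated, so an authenticated client outside mynetworks is also refused for root@localhost.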