On 01.07.21 12:04, Dima Veselov wrote:
I use dovecot LMTP as a virtual transport and of course I do not
want to relay and bounce e-mails for non-existent users. As I found
reject_unverified_recipient is the only way to check recipient
before relaying mail, because reject_unlisted_recipient will not
work with LMTP.
The other side of reject_unverified is postfix checking all
addresses, even located on the internet what is not always welcome.
Is there any way to limit reject_unverified_recipient to local
domain? Or maybe I can use maps for using unlisted_recipient instead?
on a mail gateway we have something like:
smtpd_sender_restrictions =
reject_non_fqdn_sender,
reject_unknown_sender_domain,
...
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access.sender,
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
...
check_recipient_access hash:/etc/postfix/access.recipient,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
where /etc/postfix/access.sender contains:
example.com reject_unverified_sender
and /etc/postfix/access.recipient contains:
example.com reject_unverified_recipient
so, after some other checks (mostly refusals), gateways refuse unverified
senders for example.com unless client is authenticated or in mynetworks, and
unverified recipients (even for client authenticated or in mynetworks)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
