Re: Stopping backscatter spam to a specific domain

Sun, 11 Jul 2021 15:44:18 -0700 

On 7/11/21 3:46 PM, Ron Garret wrote:

Ah.  That may be my problem then.  I’m using Dovecot via LMTP for local 
delivery.  I thought that postfix would receive information about non-existent 
users via that protocol, but I guess it doesn’t and ends up just accepting 
everything.

So… is dovecot actually the thing that is generating the emails from 
mailer-daemon?  Is there a way to get this setup to do the Right Thing?  If 
not, why is LMTP even supported, because it seems to me that anyone who uses it 
will have this problem.

(FYI, the reason I want to use LMTP is that I’m using sqlite for my user db, 
but postfix does not play well with sqlite when other programs are trying to 
access the same DB.  I didn’t want to duplicate the user DB (I’m a big believer 
in the DRY principle) so I wanted to localize DB access to a single process, 
and that process has to be Dovecot.)


You've an additional option.

        RECIPIENT ADDRESS VERIFICATION

read-up @

        http://www.postfix.org/ADDRESS_VERIFICATION_README.html
        http://www.postfix.org/verify.8.html
        http://www.postfix.org/postconf.5.html#relay_recipient_maps
        http://www.postfix.org/ADDRESS_CLASS_README.html

e.g., I run an external instance of postfix that smtp relays mail that passes 
all my 'heavy' filtering (postscreen, spam, virus, other milters, etc) to a 
lightweight internal instance of postfix+dovecot over a non-public , secure 
connection.

The internal postfix/dovecot instances share an sqlite3 DB, managed via 
postfixadmin (https://postfixadmin.sourceforge.io)
Postfixadmin's DB contains only valid addresses; both postfix and dovecot on 
that instance 'see' the same list.

This DB is local only, no user DB (other than postfix cache) exists on the 
external DB.  I.e., single process DB access, and no DB duplication, and that 
process is Dovecot(+ the internal postfix instance)

By leaving blank, in main.cf on the external instance

        relay_recipient_maps =

"the Postfix SMTP server accepts all recipients for domains listed with the 
relay_domains parameter".  Once that criterion is met, an address verification probe 
is then exec'd 'by' the external instance 'against' the internal postfix instance's 
recipient list, fed by that shared DB list.

no matching entry? not a valid recipient.  internal instance notifies external 
instance, which rejects accordingly.

Not everyone's cup-of-tea, but works perfectly for me.

Reply via email to