Aleksander Kamenik wrote:
> Hi, I have the following standard settings for postfix doing the RCPT
> TO: check via sql against the dbmail_aliases table.
>
> sql-recipients.cf:
>
> user = xxx
> password = xxx
> hosts = 127.0.0.1
> dbname = xxx
> table = dbmail_aliases
> select_field = alias
> where_field = alias
>
>
> Here's a working and buggy example:
>
> # netcat localhost 25
> 220 mail.krediidiinfo.ee ESMTP Postfix
> HELO mail.krediidiinfo.ee
> 250 mail.krediidiinfo.ee
> MAIL FROM:<[email protected]>
> 250 Ok
> RCPT TO:<[email protected]>
> 550 <[email protected]>: Recipient address rejected: User
> unknown in local recipient table
> RCPT TO:<[email protected]>
> 250 Ok
> QUIT
> 221 Bye
>
> The second response to RCPT TO: should have been a 550 too, not 250. The
> dbmail_aliases table contains only proper "u...@domain" entries, no
> wildcard stuff like simply a "@domain" or similar.
>
> So there's a problem when a subhost is specified in the address.
> Another issue is when no user is specified. Here's an example:
>
> # netcat localhost 25
> 220 mail.krediidiinfo.ee ESMTP Postfix
> HELO mail.krediidiinfo.ee
> 250 mail.krediidiinfo.ee
> MAIL FROM:<[email protected]>
> 250 Ok
> RCPT TO:<@krediidiinfo.ee>
> 250 Ok
> QUIT
> 221 Bye
>
> These wrong addresses are often expanded from user typos like
> "@u...@domain" for example or whatever combination. Spamming postfix
> with these invalid addresses would result in a DOS.
>
> This is postfix 2.2.9 and dbmail 2.2.11 on SLES10SP2.
>
>
> Could a postfix/sql knowledgeable person please refine the
> sql-recipients file, so invalid addresses would be denied immediately? I
> have no idea how to do this.

Just my 2c - I have never seen this error, as I do not blindly accept mail for my subdomains (unlike the default):

r...@arzamas:~# postconf -d | grep parent_domain_matches_subdomains
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
r...@arzamas:~# postconf -n | grep parent_domain_matches_subdomains
parent_domain_matches_subdomains =

With these settings the user gets a 554 Relay Denied unless the domain is explicitly listed in <whatever delivery method you use>_domains=

_______________________________________________
DBmail mailing list
[email protected]
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
