postfix has a new feature that allows IMGate to provide a very efficient, perfectly effective defense against dictionary attacks.
What's new is the "efficient" angle, because earlier, you could always export a list of your mailbox accounts to IMGate and rejects all unknown users, but this had to be at the end of your restrictions list, meaning you had to apply all the restrictions, and then discover that in fact the recipient was unknown after all, and reject. An effective but very inefficient defense in dictionary attack where you applied all restriction to 99% of the junk recipients only then to apply the "unknown recipient" reject. This works but it's inefficient. The other bad part was that if you put the to_recipients_known.map at the preferable top of your restrictions list so you reject unknown recipients early as possible, then an [EMAIL PROTECTED] ok ... would skip all the other restrictions, so you known users were accepted by got no anti-spam defense. Now, because Wietese listens, you can put this new check at the top of your restrictions: check_recipient_maps This special check never returns an OK (only a REJECT or DUNNO), ie, no short ciruit for known users, so it will allow the rest of the last restrictions to be applied but only for users found in recipient_maps. perfect!! to set it up, your "recipient_maps" are, at least, in main.cf : local_recipient_maps = /etc/postfix/to_local_recipients.map ... for handful of accounts on your IMGate box and relay_recipient_maps = /etc/postfix/to_relay_recipients.map ... for accounts on mailbox servers postfix is relaying to. These are the maps you need to define with the list of ( canonical + alias ) for ( users + domains) on your mailbox server. in main.cf: #your table files: local_recipient_maps = /etc/postfix/to_local_recipients.map relay_recipient_maps = /etc/postfix/to_relay_recipients.map #your restrictions smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_recipient_access, <<<<< the new one . . . permit For reading, see these postfix files in postfix version 2.0+ : sample-smtpd.cf and ADDRESS_CLASS_README Len
