On 8/4/2010 9:33 PM, Peter Evans wrote:

I have an experiment I would like to perform but I am uncertain
how to do it without breaking everything else.

I would like to direct all mail from places with no reverse dns into
a big bit-bucket. Obviously something like 95% of those mails would be
going to a bogus address.


Would:

header_checks = regexp:/etc/postfix/unknown_catcher


/^Received: unknown/
REDIRECT bitbuc...@domain.com


Be the most effective way to catch these? I have a sneaking feeling it
would trip up on multiple Received: lines as legitimate mail comes out
of corpulent networks.

Well, as written above it wouldn't match anything... but the concept is broken. It could trigger on headers from other systems, machines from your local network, or from SASL authenticated users. I can't think of a way to reliably account for all the exceptions; header_checks is not a good tool for this.

You could use a policy service that returns "REDIRECT bitbuc...@example.com" when rDNS == unknown. I expect postfwd could do this pretty easily. The policy service would need to be after any authorized relay tests so it wouldn't catch local machines, something like:
smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  check_policy_service ...rdns_bitbucket
  ... other restrictions ...


If you want the bitbucket to accept mail to invalid users, you can use
  check_policy_service ...rdns_bitbucket
  reject_unlisted_recipient
  ... other restrictions ...

and set main.cf:
smtpd_reject_unlisted_recipient = no

have fun!



  -- Noel Jones
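
Added example, not part of the original message and not postfwd's code: a policy service of the kind described above, speaking the Postfix policy delegation protocol on stdin/stdout as when started by spawn(8). The bit-bucket address is a placeholder, and testing reverse_client_name before client_name is an assumption about what "rDNS == unknown" should mean.

```python
import sys

# Placeholder (assumption): substitute the real bit-bucket mailbox.
BITBUCKET = "bitbucket@example.invalid"

# Constructed sample request in the name=value form Postfix sends.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_name=unknown\n"
    "reverse_client_name=unknown\n"
    "sasl_username=\n"
    "\n"
)

def parse_request(lines):
    """Turn the name=value lines of one request into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, bitbucket=BITBUCKET):
    """Return an access(5) action for one policy request."""
    if (attrs.get("request"), attrs.get("protocol_state")) != ("smtpd_access_policy", "RCPT"):
        return "DUNNO"
    # Second guard in case the service is listed before permit_sasl_authenticated.
    if attrs.get("sasl_username"):
        return "DUNNO"
    # reverse_client_name is the raw PTR result; client_name is also "unknown"
    # when a PTR exists but does not forward-confirm.
    rdns = attrs.get("reverse_client_name") or attrs.get("client_name", "")
    return "REDIRECT " + bitbucket if rdns.lower() == "unknown" else "DUNNO"

def serve(stream_in, stream_out):
    """Answer requests until EOF; an empty line ends each request."""
    pending = []
    for raw in stream_in:
        line = raw.rstrip("\r\n")
        if line:
            pending.append(line)
        elif pending:
            stream_out.write("action=%s\n\n" % decide(parse_request(pending)))
            stream_out.flush()
            pending = []

if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```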
