Ken Mink wrote:
> Hi Folks, I've been trying to figure this out, but I'm stumped. I've got two servers running postfix that handle email for our domain ($WORK). One is in the dmz and has relay_domain set for our domainname. In the transport file, I have an entry for our domainname and the internal server to forward it to. This works fine, but I have an issue with it. Due to people who have left the company, tons of spam comes in for addresses in our domain, but that no longer exist. The server in the dmz accepts the messages and forwards them on like it should. The internal machine then tries to bounce the message since the user is unknown. Since most spam uses a bogus from, the internal machine is getting clogged with messages it can't bounce. There are half a dozen employees here, but a postqueue -p lists a couple thousand deferred messages. What I'd like is for the dmz server to immediately reject mail for unknown users. Apart from adding an account for everyone on that machine, I don't know how to go about doing that. I've tried explicitly putting each account in the transport file, but that just added the bouncing to the dmz's deferred queue rather than the internal server. Any ideas?
>
> Thanks,
> Ken

Yes, use relay recipient maps. If you don't, ugliness can happen. I've seen queues cross into the 6 digits (100,000+ msgs) due to this problem alone, during dictionary attacks. This of course presumes you're using at least Postfix v2.0 (I think). See the postfix docs (1) for full details, but the basic gist of it is this:

# in main.cf
relay_recipient_maps = hash:/path/to/postfix/relay_recipients

# in relay_recipients
[EMAIL PROTECTED] Ok
@otherdomain.com Ok

This will allow only mail to [EMAIL PROTECTED]; [EMAIL PROTECTED] would be rejected. All recipients in otherdomain.com would be considered valid.

As an alternative, if you need to update this on a regular basis, you might consider a mysql solution. This requires that you compile postfix with mysql support, and set up a bit more, but investigate the mysql:/path/to/postfix/mysql_maps way of doing it if your needs require very frequent and / or flexible updates to the users allowed to relay mail.

Enjoy!
Aaron S. Joyner

1. http://www.postfix.org/postconf.5.html#relay_recipient_maps

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
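
An added example, not part of the original post: one way to generate the relay_recipients table described above from a list of current mailbox names, and to check which recipients the DMZ relay would then turn away. The function names, the example.com domain and the account list are assumptions made up for illustration; would_accept is a simplified model of the lookup (exact address first, then the @domain wildcard entry).

```shell
#!/bin/sh
# build_relay_recipients DOMAIN < userlist > table
# Reads one local part per line. '#' comments and blank lines are skipped,
# names are lower-cased and de-duplicated, and anything that is not a plain
# local part is dropped rather than written into the table.
build_relay_recipients() {
    domain=$1
    tr '[:upper:]' '[:lower:]' |
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^[a-z0-9._+-]+$' |
    sort -u |
    while IFS= read -r user; do
        printf '%s@%s OK\n' "$user" "$domain"
    done
}

# would_accept TABLE ADDRESS
# Succeeds if ADDRESS itself, or the @domain wildcard for its domain,
# appears as a key in TABLE.
would_accept() {
    addr=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    awk -v a="$addr" -v d="@${addr#*@}" \
        '$1 == a || $1 == d { found = 1 } END { exit !found }' "$1"
}

# Constructed sample: account list exported from the internal server.
users='alice
Bob
# carol left the company
dave  # contractor
not valid!'

table=$(mktemp)
printf '%s\n' "$users" | build_relay_recipients example.com > "$table"
cat "$table"

for rcpt in bob@example.com carol@example.com; do
    if would_accept "$table" "$rcpt"; then
        echo "$rcpt: accept and relay"
    else
        echo "$rcpt: reject at the DMZ relay"
    fi
done
rm -f "$table"
```

Write the generated table to the path named in relay_recipient_maps and run postmap on it (for example `postmap hash:/path/to/postfix/relay_recipients`) so the hash: lookup file is rebuilt.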
