Checking recipients

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Checking recipients

Ward, Martin
Checking recipients

All,

I have been looking at trying to ensure that I reduce the amount of spam my servers route onwards but have reached a point where I thought I understood how Postfix works, but clearly I don't. Would someone please enlighten me (politely if possible)? This should be a basic question but I can't find the answer.

My mail servers are MTAs. We receive emails from a number of companies and route them out to the Internet, however the companies we send emails out for are not scrupulous in checking the recipients, indeed some of them are spammers abusing the service they have purchased from us (until I find them and shut them down).

When the sending (customer's) mail server contacts me my server processes the HELO/EHLO and MAIL FROM commands, then it gets the RECV TO command and the email address to send the email to, I need to verify this sender before I get on with accepting the email itself via the DATA command, refusing the email if the recipient is invalid/non-existent. What Postfix configuration options provide for this and just how does it perform this function? I understand it in Sendmail but Postfix uses lots of discrete programs rather than one monolithic one.

|\/|artin

--
Martin Ward
Network Systems Operations Specialist
DDI:    +44 (0) 20 7863 5218
Fax:    +44 (0) 20 7863 5610
Mob:    +44 (0) 7971 97 77 21
www.colt.net

Data | Voice | Managed Services

Help reduce your carbon footprint | Think before you print

COLT Telecommunications, Beaufort House, 15 St Botolph Street, London, EC3A 7QN UK
Registered in England and Wales, registered number 02452736, VAT number GB 645 4205 50




*************************************************************************************
The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way.

The contents of this message and its attachments are confidential and may also be subject to legal privilege. If you are not the named addressee and/or have received this message in error, please advise us by e-mailing [hidden email] and delete the message and any attachments without retaining any copies.

Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses.

No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party.

Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900.
Reply | Threaded
Open this post in threaded view
|

RE: Checking recipients

Ward, Martin
Message
Should have pointed out that I have read about the "reject_unverified_recipient" option, but the Postfix documentation states that this "is suitable only for low-traffic sites". My machines send around 40,000 emails a day out, which I don't think can be classed as "low-traffic" (although that may be my own, egotistical point of view).
 
|\/|

--

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Ward, Martin
Sent: 12 June 2008 16:57
To: [hidden email]
Subject: Checking recipients

All,

I have been looking at trying to ensure that I reduce the amount of spam my servers route onwards but have reached a point where I thought I understood how Postfix works, but clearly I don't. Would someone please enlighten me (politely if possible)? This should be a basic question but I can't find the answer.

My mail servers are MTAs. We receive emails from a number of companies and route them out to the Internet, however the companies we send emails out for are not scrupulous in checking the recipients, indeed some of them are spammers abusing the service they have purchased from us (until I find them and shut them down).

When the sending (customer's) mail server contacts me my server processes the HELO/EHLO and MAIL FROM commands, then it gets the RECV TO command and the email address to send the email to, I need to verify this sender before I get on with accepting the email itself via the DATA command, refusing the email if the recipient is invalid/non-existent. What Postfix configuration options provide for this and just how does it perform this function? I understand it in Sendmail but Postfix uses lots of discrete programs rather than one monolithic one.

|\/|artin

--
Martin Ward
Network Systems Operations Specialist
DDI:    +44 (0) 20 7863 5218
Fax:    +44 (0) 20 7863 5610
Mob:    +44 (0) 7971 97 77 21
www.colt.net

Data | Voice | Managed Services

Help reduce your carbon footprint | Think before you print

COLT Telecommunications, Beaufort House, 15 St Botolph Street, London, EC3A 7QN UK
Registered in England and Wales, registered number 02452736, VAT number GB 645 4205 50




*************************************************************************************
The message is intended for the named addressee only and may not be disclosed to or used by anyone else, nor may it be copied in any way.

The contents of this message and its attachments are confidential and may also be subject to legal privilege. If you are not the named addressee and/or have received this message in error, please advise us by e-mailing [hidden email] and delete the message and any attachments without retaining any copies.

Internet communications are not secure and COLT does not accept responsibility for this message, its contents nor responsibility for any viruses.

No contracts can be created or varied on behalf of COLT Telecommunications, its subsidiaries or affiliates ("COLT") and any other party by email Communications unless expressly agreed in writing with such other party.

Please note that incoming emails will be automatically scanned to eliminate potential viruses and unsolicited promotional emails. For more information refer to www.colt.net or contact us on +44(0)20 7390 3900.
Reply | Threaded
Open this post in threaded view
|

Re: Checking recipients

Brian Evans - Postfix List
In reply to this post by Ward, Martin
Ward, Martin wrote:

>
> All,
>
> I have been looking at trying to ensure that I reduce the amount of
> spam my servers route onwards but have reached a point where I thought
> I understood how Postfix works, but clearly I don't. Would someone
> please enlighten me (politely if possible)? This should be a basic
> question but I can't find the answer.
>
> My mail servers are MTAs. We receive emails from a number of companies
> and route them out to the Internet, however the companies we send
> emails out for are not scrupulous in checking the recipients, indeed
> some of them are spammers abusing the service they have purchased from
> us (until I find them and shut them down).
>
> When the sending (customer's) mail server contacts me my server
> processes the HELO/EHLO and MAIL FROM commands, then it gets the RECV
> TO command and the email address to send the email to, I need to
> verify this sender before I get on with accepting the email itself via
> the DATA command, refusing the email if the recipient is
> invalid/non-existent. What Postfix configuration options provide for
> this and just how does it perform this function? I understand it in
> Sendmail but Postfix uses lots of discrete programs rather than one
> monolithic one.
>
The best way to handle this is to implement a policy daemon and also
tell your clients to lock things down.
I'd rather lock down/out open relay customers than let it continue.

Envelope senders and recipients are easily forged.

Look at projects like policyd-weight (still works even though inactive)
or postfwd.
These tend to weed out bogus messages when properly configured.

Do not use reject_unauthorized_(sender|recipient) unless you control
that domain (using check_(sender|recipient)_access restriction).

Brian
Reply | Threaded
Open this post in threaded view
|

Re: Checking recipients

Ralf Hildebrandt
In reply to this post by Ward, Martin
* Ward, Martin <[hidden email]>:
> Should have pointed out that I have read about the
> "reject_unverified_recipient" option, but the Postfix documentation
> states that this "is suitable only for low-traffic sites". My machines
> send around 40,000 emails a day out, which I don't think can be classed
> as "low-traffic" (although that may be my own, egotistical point of
> view).

Low enough :)

> When the sending (customer's) mail server contacts me my server
> processes the HELO/EHLO and MAIL FROM commands, then it gets the RECV TO

RCPT TO:

> command and the email address to send the email to, I need to verify
> this sender before I get on with accepting the email itself via the DATA
       ^^^^^^
> command, refusing the email if the recipient is invalid/non-existent.
                                     ^^^^^^^^^
                                     
What do you want to verify? sender or recipient?

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
In the rather clear UNIX language: the TCPA cartel will be
always root on your system(s) and you will it never be again.
Reply | Threaded
Open this post in threaded view
|

Re: Checking recipients

mouss-2
In reply to this post by Ward, Martin
Ward, Martin wrote:

> All,
>
> I have been looking at trying to ensure that I reduce the amount of spam
> my servers route onwards but have reached a point where I thought I
> understood how Postfix works, but clearly I don't. Would someone please
> enlighten me (politely if possible)? This should be a basic question but
> I can't find the answer.
>
> My mail servers are MTAs. We receive emails from a number of companies
> and route them out to the Internet, however the companies we send emails
> out for are not scrupulous in checking the recipients, indeed some of
> them are spammers abusing the service they have purchased from us (until
> I find them and shut them down).
>
> When the sending (customer's) mail server contacts me my server
> processes the HELO/EHLO and MAIL FROM commands, then it gets the RECV TO
> command and the email address to send the email to, I need to verify
> this sender before I get on with accepting the email itself via the DATA
> command, refusing the email if the recipient is invalid/non-existent.
> What Postfix configuration options provide for this and just how does it
> perform this function? I understand it in Sendmail but Postfix uses lots
> of discrete programs rather than one monolithic one.
>  


either get a copy of valid recipients or use
reject_unverified_recipient. if you have a mix of such situations,
you'll need to use check_recipient_access to select which "mode" to use
depending on the domain.

reject_unverified_recipient requires that the remote site validate the
recipient, otherwise it's useless. also it implies a real time smtp
connection, which has costs. but if the remote site is not too bad, and
yours is not to, this should be ok.