virtual domain alias & check_recipient_access


Tomas Macek-2
Hello, I need to redirect all the email coming to one domain to another
like this:

@alias-domain.com -> @real-domain.com

which means when a mail is coming to [hidden email], it's first
translated to [hidden email] and later delivered to the mailbox.

I have found this in the virtual(5) doc:

-----
@domain address, address, ...
...
               Note:  @domain is a wild-card. With this form, the Postfix SMTP
               server accepts mail for any recipient in domain, regardless of
               whether that recipient exists.  This may turn your mail system
               into a backscatter source:  Postfix first accepts mail for
               non-existent recipients and then tries to return that mail as
               "undeliverable" to the often forged sender address.

               To avoid backscatter with mail for a wild-card domain, replace
               the wild-card mapping with explicit 1:1 mappings, or add a
               reject_unverified_recipient restriction for that domain:

                   smtpd_recipient_restrictions =
                       ...
                       reject_unauth_destination
                       check_recipient_access
                           inline:{example.com=reject_unverified_recipient}
                   unverified_recipient_reject_code = 550

               In the above example, Postfix may contact a remote server if the
               recipient is aliased to a remote address.
-----

I'd like to go the way with the "check_recipient_access" option, but don't
know how to do it with a database-backed map:

smtpd_recipient_restrictions =
    ...
  reject_unauth_destination
  check_recipient_access pgsql:map_file ?????
unverified_recipient_reject_code = 550

What are the correct settings instead of those "?????" please? Any hint?

Thanks, Tomas

Re: virtual domain alias & check_recipient_access

Wietse Venema
Tomas Macek:

>                    smtpd_recipient_restrictions =
>                        ...
>                        reject_unauth_destination
>                        check_recipient_access
>                            inline:{example.com=reject_unverified_recipient}
>                    unverified_recipient_reject_code = 550
>
>                In the above example, Postfix may contact a remote server if the
>                recipient is aliased to a remote address.
> -----
>
> I'd like to go the way with the "check_recipient_access" option, but don't
> know how to do it with a database-backed map:
>
> smtpd_recipient_restrictions =
>     ...
>   reject_unauth_destination
>   check_recipient_access pgsql:map_file ?????
>   unverified_recipient_reject_code = 550
>
> What are the correct settings instead of those "?????" please? Any hint?

Use inline for reject_unverified_recipient, and use pgsql:map_file
for other things.

smtpd_recipient_restrictions =
    ...
    reject_unauth_destination
    check_recipient_access inline:{example.com=reject_unverified_recipient}
    check_recipient_access pgsql:map_file
unverified_recipient_reject_code = 550

        Wietse

Re: virtual domain alias & check_recipient_access

Tomas Macek-2
On Fri, 21 Dec 2018, Wietse Venema wrote:

> Tomas Macek:
>>                    smtpd_recipient_restrictions =
>>                        ...
>>                        reject_unauth_destination
>>                        check_recipient_access
>>                            inline:{example.com=reject_unverified_recipient}
>>                    unverified_recipient_reject_code = 550
>>
>>                In the above example, Postfix may contact a remote server if the
>>                recipient is aliased to a remote address.
>> -----
>>
>> I'd like to go the way with the "check_recipient_access" option, but don't
>> know how to do it with a database-backed map:
>>
>> smtpd_recipient_restrictions =
>>     ...
>>   reject_unauth_destination
>>   check_recipient_access pgsql:map_file ?????
>>   unverified_recipient_reject_code = 550
>>
>> What are the correct settings instead of those "?????" please? Any hint?
>
> Use inline for reject_unverified_recipient, and use pgsql:map_file
> for other things.
>
> smtpd_recipient_restrictions =
>    ...
>    reject_unauth_destination
>    check_recipient_access inline:{example.com=reject_unverified_recipient}
>    check_recipient_access pgsql:map_file
> unverified_recipient_reject_code = 550

I filled in my alias domain name instead of the "example.com", but the
system still accepts mail to "[hidden email]". Should the
example.com in the example above be the destination or the alias
domain? Or is that a misunderstanding of the system on my part?

Tomas


Re: virtual domain alias & check_recipient_access

Wietse Venema
Tomas Macek:

> On Fri, 21 Dec 2018, Wietse Venema wrote:
>
> > Tomas Macek:
> >>                    smtpd_recipient_restrictions =
> >>                        ...
> >>                        reject_unauth_destination
> >>                        check_recipient_access
> >>                            inline:{example.com=reject_unverified_recipient}
> >>                    unverified_recipient_reject_code = 550
> >>
> >>                In the above example, Postfix may contact a remote server if the
> >>                recipient is aliased to a remote address.
> >> -----
> >>
> >> I'd like to go the way with the "check_recipient_access" option, but don't
> >> know how to do it with a database-backed map:
> >>
> >> smtpd_recipient_restrictions =
> >>     ...
> >>   reject_unauth_destination
> >>   check_recipient_access pgsql:map_file ?????
> >>   unverified_recipient_reject_code = 550
> >>
> >> What are the correct settings instead of those "?????" please? Any hint?
> >
> > Use inline for reject_unverified_recipient, and use pgsql:map_file
> > for other things.
> >
> > smtpd_recipient_restrictions =
> >    ...
> >    reject_unauth_destination
> >    check_recipient_access inline:{example.com=reject_unverified_recipient}
> >    check_recipient_access pgsql:map_file
> > unverified_recipient_reject_code = 550
>
> I filled in my alias domain name instead of the "example.com", but the
> system still accepts mail to "[hidden email]". Should the
> example.com in the example above be the destination or the alias
> domain? Or is that a misunderstanding of the system on my part?

In the table, specify the DOMAIN NAME FROM THE SMTP COMMAND.
It's called SMTPD_RECIPIENT_restrictions for a reason.

        Wietse
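
Added example (not part of the thread and not Postfix code): a simplified Python model of the key lookup that check_recipient_access performs, showing why the inline table must be keyed on the domain that appears in RCPT TO. It assumes the default parent_domain_matches_subdomains behaviour and ignores address extensions; the function names and the recipient address are hypothetical, and alias-domain.com / real-domain.com are the placeholders from the first post.

```python
# Simplified model of the access(5) lookup order for an email address:
# user@domain, then domain and its parent domains, then user@.
# The virtual alias rewrite (@alias-domain.com -> @real-domain.com) is not
# applied to the address that is looked up here.

def lookup_keys(rcpt_to):
    """Return the table keys tried for one RCPT TO address, in order."""
    if "@" not in rcpt_to:
        raise ValueError("expected user@domain")
    local, _, domain = rcpt_to.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{local}@{domain}"]
    # The domain itself, then each parent domain.
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{local}@")
    return keys

def parse_inline(spec):
    """Parse the simple 'inline:{k1=v1, k2=v2}' form into a dict."""
    if not (spec.startswith("inline:{") and spec.endswith("}")):
        raise ValueError("not an inline:{...} table")
    table = {}
    for item in spec[len("inline:{"):-1].split(","):
        key, sep, value = item.partition("=")
        if sep:
            table[key.strip().lower()] = value.strip()
    return table

def access_action(rcpt_to, spec):
    """Return (matching key, action) for the first hit, or None."""
    table = parse_inline(spec)
    for key in lookup_keys(rcpt_to):
        if key in table:
            return key, table[key]
    return None

if __name__ == "__main__":
    rcpt = "someone@alias-domain.com"  # constructed RCPT TO address
    for dom in ("real-domain.com", "alias-domain.com"):
        spec = "inline:{%s=reject_unverified_recipient}" % dom
        print(spec, "->", access_action(rcpt, spec))
```
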