[Discuss] Rejecting vs. bouncing with postfix

Rich Braun richb at pioneer.ci.net
Thu May 23 02:41:30 EDT 2013


Tom Metro posted (on the bblisa list) an item that sent me down what's turned
out to be a complicated path of attempting to redesign my spam filtering.

It boiled down to a pretty simple question that I haven't been able to answer,
and perhaps one of y'all has had to deal with this.

Assumption:  you have a handful of email addresses, in a (smaller) handful of
domains, that you want to accept inbound mail for, and the rules are
straightforward enough to put in (say) /etc/postfix/virtusertable.

Question:  how do I configure postfix on my inbound relay(s) to 550-reject
messages sent to any address that isn't defined in that virtusertable?  What I
read online suggests that the default postfix config does this already.  But
it doesn't on my setup:  it accepts and queues the incoming message and then
generates a separate bounce-back sender non-delivery notification, seemingly
ignoring the virtusertable entirely.  I include the few relevant items from
main.cf below; I don't think any of them would alter the bounce behavior.

My goal is to reject most spam before passing it along to spamassassin, by
implementing 3 types of rejection filters:

- Recipient not in my destination whitelist (virtusertable)
- Sender IP found in one of the (reliable) RBLs
- Greylist any sender From address not in my origin whitelist

Any header which hits one of the above should get the ol' 550 reject.  It's
surprisingly hard to implement this, and the postfix doc isn't user friendly. 
(Yes, I'm the curmudgeon whose personal email server will eventually be pried
out of my cold/dead hands despite the lunacy of trying to keep one running in
this day and age of Gmail et al....)

-rich

myhostname = smtp02.ci.net
myorigin = pioneer.ci.net
inet_interfaces = all
mydestination = smtp02.ci.net, smtp02.ci.net, localhost.ci.net, localhost
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtusertable
mynetworks_style = subnet
mynetworks = 192.168.2.0/26, 192.168.2.99/32, 192.168.2.110/32, 127.0.0.0/8
relay_domains = (redacted)
relayhost = (redacted)
in_flow_delay = 0
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases