 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Mar-2008 | Next-Thread | Next-Msg |
| Subject: | Re: Question about recipient canonical rewrite and smtp recipient restrictions |
| Group: | Postfix-users |
| From: | mouss |
| Date: | 28 Mar 2008 |
> Hi,
>
> I need some help please with an issue I found while working on
> implementing recipient validation.
>
> We have some old domains and a test domain that we still use. I rewrite
> the recipient address for these domains using a canonical map. That seems
> to work fine. When I was testing recipient validation, I discovered that
> email that is addressed to these domains bypass my recipient table
> look-up. My thinking was that postfix would rewrite the recipient address
> per the canonical table and then check the recipient access table using
> the rewritten address. It appears that it doesn't check at all, as any
> address that I use for these rewritten domains passes through.
>
> How can validate the addresses for these domain names that are rewritten?
>
do not use wild card aliases and canonical. generate mappings for each user:
foo foo
...
use a script (or sql or ldap) to generate this map.
> My recipient canonical map and postconf -n output is below
>
>
> ============ recipient canonical map ==================
>
> @office.uncg.edu @uncg.edu
> @uncg.net @lotus.uncg.net
>
> =============== postconf -n
> ===================================================
>
>
> alias_database = dbm:/opt/pmx/postfix/etc/aliases
> alias_maps = dbm:/opt/pmx/postfix/etc/aliases
> bounce_queue_lifetime = 2d
> command_directory = /opt/pmx/postfix/sbin
> config_directory = /opt/pmx/postfix/etc
> content_filter = pmx:127.0.0.1:10025
> daemon_directory = /opt/pmx/postfix/libexec
> debug_peer_level = 2
> html_directory = no
> local_recipient_maps = dbm:/opt/pmx/postfix/etc/local_recipient_map
> mail_owner = postfix
> mailbox_size_limit = 102400000
> mailq_path = /opt/pmx/postfix/bin/mailq
> manpage_directory = /opt/pmx/postfix/man
> maximal_queue_lifetime = 2d
> message_size_limit = 102400000
> mydestination = tstpmx1.uncg.edu, uncg.edu, lists.uncg.edu,
> uncg.net, office.uncg.edu, uncg.info,
> spartan.uncg.edu, dcl.uncg.edu, lotus.uncg.net
> myhostname = tstpmx1.uncg.edu
> mynetworks = 127.0.0.0/8, 152.13.0.0/16, 10.0.14.10
> myorigin = $mydomain
> newaliases_path = /opt/pmx/postfix/bin/newaliases
> queue_directory = /opt/pmx/postfix/var/spool/mqueue
> readme_directory = /opt/pmx/postfix/doc
> recipient_canonical_maps =
> dbm:/opt/pmx/postfix/etc/recipient-canonical-map
> recipient_delimiter = +
> relay_domains =
> relayhost =
> sample_directory = /opt/pmx/postfix/doc/samples
> sender_bcc_maps = dbm:/opt/pmx/postfix/etc/sender_bcc
> sendmail_path = /opt/pmx/postfix/sbin/sendmail
> setgid_group = postdrop
> smtpd_client_connection_count_limit = 25
> smtpd_client_connection_rate_limit = 30
> smtpd_client_event_limit_exceptions = $mynetworks,216.57.200.38
> smtpd_client_restrictions = ignore_policy_error,check_policy_service
> inet:localhost:4466
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = reject_invalid_hostname,
> reject_unknown_recipient_domain, reject_unauth_destination,
> check_helo_access dbm:/opt/pmx/postfix/etc/helo_restrictions,
> check_recipient_access dbm:/opt/pmx/postfix/etc/local_recipient_map
> transport_maps = dbm:/opt/pmx/postfix/etc/transport
> unknown_local_recipient_reject_code = 550
> unverified_recipient_reject_code = 550
>
| Prev-Msg | Prev-Thread | Postfix-users | Mar-2008 | Next-Thread | Next-Msg |