Fri, 24 Feb 2006, by drankin@cox-internet.com:
From: "Theo v. Werkhoven"
Thu, 23 Feb 2006, by drankin@cox-internet.com:
[..]
sales@rankin-bertin.com REJECT assistance@rankin-bertin.com REJECT [..] Is there an easier way to do this??? I plan on adding all system accounts to the file.
Sorry for barging in, but that is absolutely the wrongest way possible to do this. If you don't want mail for a user, be it local or virtual, then just do not put the user in your aliases table, [..]
Thanks Theo, that is good information. And, I appologize, I didn't really mean "all system accounts." The problem is those creative spammers are beginning to send spam to users like uucp@rankin-bertin.com, etc... What I am looking for is a way to have postfix reject mail sent to these accounts with 550. My current setup is this:
[root@bonza david]# postconf -n <snip> mydestination = $myhostname, localhost.$mydomain, $mydomain, rankin-bertin.com, guillorylaw.com, rankinlawfirm.com, drrankin.com myorigin = $mydomain <snip> smtpd_hard_error_limit = 3 smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_check unknown_local_recipient_reject_code = 550
This setup looks ok. If there are no unwanted users in the tables I mentioned earlier, you should see dictionary attacks and mail to fantasy names be rejected in the log. My recipient_restiction rules: smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_unlisted_recipient, check_recipient_access hash:/etc/postfix/recipient-whitelist, check_recipient_access cidr:/etc/postfix/ok-clients, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 9.2 + Jabber: muadib@jabber.xs4all.nl Kernel 2.6.8 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply.