How to stop Postfix from accepting mail to root@hostname.localdomain

postfix

How can I stop Postfix from accepting mail to local-users @ my-FQDN from the outside world?

$ hostname -f
hostname.example.com

Postfix is accepting mail to any-local-user at my-FQDN. So we'll use root@hostname.example.com as the example local user I want to stop receiving mail for from the outside world.

I have a pretty basic Postfix/Dovecot/SASL/LDA setup, but let me share some of the details.

  • Receive mail for virtual local domains/users on :25
  • Virtual users send mail on :587 authenticated via Dovecot SASL

I've tried reversing users in /etc/aliases and Postfix's virtual_alias_maps.cf, but no luck. I've run newaliases and postmap after updating them.

#/etc/aliases:
#root: user@example.com

#/etc/postfix/virtual_alias_maps.cf:
root user@example.com

I think I have FOUR* (updated) choices left…

  1. In postfix/main.cf, mess with mydestination. I'm pretty sure I need to keep my FQDN here, so I don't think removing it is a good option. EDIT: Yes, although removing your FQDN from mydestination disables the outside world from sending mail to local users, this is not the proper way to disable it because that hoses other things.
  2. In postfix/main.cf, is there a setting for smtpd_recipient_restrictions to disable this? I can't find one in the docs.
  3. Hope that someone reads this who knows the right way.

Here is the relevant part of my Postfix main.cf:

myhostname = hostname.example.com
mydomain = example.com
mydestination = $myhostname, localhost.$mydomain, localhost

smtpd_recipient_restrictions =
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    permit_mynetworks,
    permit

Here is the relevant part of my Postfix master.cf:

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_recipient_restrictions=
     reject_unknown_recipient_domain,
     reject_non_fqdn_recipient,
     permit_sasl_authenticated,
     reject

P.S. Here is the HowTo I took a lot of my setup from: VirtualUserFlatFilesPostfix

Best Answer

Just remove $myhostname from mydestination and restart postfix

Related Topic