Postfix – Block email from non-existent local addresses

emailpostfixsmtpspam

My question is very similar to this one, but for postfix.

We keep getting emails from addresses like "accounting@example.com" delivered to our actual "@example.com" addresses. From my google research, I understand it might not be practical to verify the email originated from our IP or VPN (Although this would be ideal, so if you can think of a way to do this, let me know), but in most of these cases the sender address (ex. "accounting") is not a valid account.

I imagine there must be a way to make sure that a local account exists before delivering the message.

Best Answer

You'll want to add reject_unlisted_sender to your smtpd_sender_restrictions.

Without a little planning this will also reject mail from root@hostname.example.com as well, so keep that in mind.

smtpd_reject_unlisted_sender
Request that the Postfix SMTP server rejects mail from unknown sender addresses. This can slow down an explosion of forged mail from worms or viruses.

An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping.

The sender domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the sender is not listed in $local_recipient_maps, and $local_recipient_maps is not null.

The sender domain matches $virtual_alias_domains but the sender is not listed in $virtual_alias_maps.

The sender domain matches $virtual_mailbox_domains but the sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps is not null.

The sender domain matches $relay_domains but the sender is not listed in $relay_recipient_maps, and $relay_recipient_maps is not null.

This feature is available in Postfix 2.1 and later.

Related Solutions

Exim not sending email to our own email addresses

man update-exim4.conf
   dc_other_hostnames
          is  used to build the local_domains list, together with "localhost".  This is the list of domains
          for which this machine should consider itself the final destination. The local_domains list  ends
          up in the macro MAIN_LOCAL_DOMAINS.

check in autogenerated exim.conf for smth like this:

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

This means that message is routed through remote delivery (remote_smtp transport) if domain in rcpt address is different than local_domains. If not, message goes to another router, some router accepts it and in your case it ends up in local delivery transport.

I'm sorry, but in your case you should go full hog on Exim and learn configuring Exim manually. update-exim4.conf is for typical cases.

Postfix – How to Configure Postfix to Discard Emails to One Domain and Relay Others

Well I seem to have managed to figure this out with a bit of searching & testing. Here's what I had to do:

In /etc/postfix/main.cf:

transport_maps = hash:/etc/postfix/transport
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = static:<relayhost username>:<relayhost password>
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
start_tls = yes

In /etc/postfix/transport:

localhost discard: 
localhost.localdomain discard:
* relay:[smtp.relayhost.com]:587

Relaying apparently also bypasses the alias_maps directive, so for aliases to continue working I had to comment out both alias_maps and alias_database, and replace them with virtual_alias_maps. The format of the virutal_alias_map is identical to alias_maps, so that was an easy change to make.

With these changes in place just restart postfix and also run "postmap /etc/postfix/transport" to build transport.db. Now everything addressed to @localhost or @localhost.localdomain is discarded while everything else is relayed through the specified host.

Best Answer

Related Solutions

Exim not sending email to our own email addresses

Postfix – How to Configure Postfix to Discard Emails to One Domain and Relay Others

Related Topic