Hi,

I've got two gateway servers running postfix in front of the main mail
servers and I want to start only accepting mail for valid recipients.

From what I've read, adding check_recipient_access to my
smtpd_recipient_restrictions is the best way of doing this.
In hash terms the file would look like this:
[EMAIL PROTECTED]       OK
But I'd rather use mysql to do a lookup and see if an address is
valid, what should the query look like?
SELECT 'OK' FROM postfix WHERE username='%n'
or
SELECT IF((SELECT email FROM postfix WHERE username='%n') = '', 'REJECT', 'OK')

Is there a better way to do the recipient validation? And is there a
section in the documentation that covers how hash files etc are read?
Figuring out the necessary MySQL query would be easier if I knew what
postfix was looking for in a given instance. I've included my postconf
-n below in case it would help.

Thanks
Guy

[EMAIL PROTECTED]:~# postconf -n
2bounce_notice_recipient = [EMAIL PROTECTED]
anvil_rate_time_unit = 60s
bounce_notice_recipient = [EMAIL PROTECTED]
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
cyrus_sasl_config_path = /etc/postfix/sasl/
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 30
delay_notice_recipient = [EMAIL PROTECTED]
error_notice_recipient = [EMAIL PROTECTED]
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.2.10/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = sbl-xbl.spamhaus.org
message_size_limit = 31240000
mynetworks = 127.0.0.0/8, 72.9.230.26, 10.0.7.184, 209.51.134.106
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination
    $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps
    $relay_domains $canonical_maps $sender_canonical_maps
    $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
    $virtual_alias_maps
queue_directory = /var/spool/postfix
rbl_reply_maps = hash:/etc/postfix/rbl_reply
readme_directory = /usr/share/doc/postfix-2.2.10/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_connection_count_limit = 30
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 50
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauth_destination,
    check_client_access cidr:/etc/postfix/postfix-dnswl-permit,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client psbl.surriel.com,
    reject_rhsbl_client zen.spamhaus.org,
    reject_rhsbl_client bl.spamcop.net,
    check_policy_service inet:127.0.0.1:10031,
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_soft_error_limit = 10
smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/ssl/certs/imapd.pem
smtpd_tls_key_file = /etc/ssl/private/imapd.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/virtual_transport_maps
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
    proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    proxy:mysql:/etc/postfix/mysql_virtual_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_transport = smtp:piranha.aluminati.org


-- 
Don't just do something...sit there!
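
Added example, not part of the original post and not Postfix code: a small simulation of which keys an access(5) table is asked for when checking a recipient, and of what happens when an 'OK'-only query finds no row. It uses sqlite3 in place of MySQL; the table contents, the assumption that username holds the full address, and all function names are constructed for illustration.

```python
import sqlite3

# Postfix mysql map form: query = SELECT 'OK' FROM postfix WHERE username='%s'
# (%s is the lookup key; sqlite3 and a bound parameter stand in for MySQL here).
QUERY = "SELECT 'OK' FROM postfix WHERE username = ?"

def make_db():
    """Constructed sample table; assumes username holds the full address."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE postfix (username TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO postfix VALUES (?)",
                     [("guy@example.com",), ("sales@example.com",)])
    return conn

def access_keys(recipient):
    """Keys tried for an address, per access(5): user@domain, domain, user@.
    Parent-domain keys and address-extension stripping are left out."""
    local, _, domain = recipient.rpartition("@")
    return [f"{local}@{domain}", domain, f"{local}@"]

def check_recipient_access(conn, recipient):
    """Return (action, matched_key); DUNNO means no key returned a row."""
    for key in access_keys(recipient):
        row = conn.execute(QUERY, (key,)).fetchone()
        if row:
            return row[0], key
    return "DUNNO", None

def evaluate(conn, recipient, final_action):
    """check_recipient_access followed by the last restriction in the list."""
    action, _ = check_recipient_access(conn, recipient)
    if action == "OK":
        return "permit"          # OK ends evaluation of the restriction list
    if action == "REJECT":
        return "reject"
    return final_action          # no match: the next restriction decides

if __name__ == "__main__":
    db = make_db()
    for rcpt in ("guy@example.com", "nobody@example.com"):
        print(rcpt, check_recipient_access(db, rcpt),
              "| list ends in permit:", evaluate(db, rcpt, "permit"),
              "| list ends in reject:", evaluate(db, rcpt, "reject"))
```

With a restriction list that ends in permit, as in the postconf output above, the unknown recipient is still accepted; a lookup that only ever returns OK needs a rejecting restriction after it to turn unknown addresses away.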
