Re: Local Delivery Without Non-alias Usernames
Sabahattin Gucukoglu:
> Hello all,
>
> I'm setting up Postfix 2.6, speculatively, reading through the documentation and building my configuration. It appears that the scenario I want is somewhere between virtual and local deliveries.
>
> What I want to do: .forward support, /etc/aliases support, detail address (user-foo) support.
>
> What I do not want: mail being delivered or accepted to bin, daemon, and other nonsense.
>
> The machine is only serving me and my services, all implemented as aliases. My alias is not equal to my username, which itself doesn't get mail and doesn't want it, thank you very much. Therefore, everything is an alias, there will never be, and I don't want, deliveries for non-alias or non-.forward-style deliveries referenced through an alias.
>
> Can somebody explain if there is some right way to do this? Am I even thinking along the right lines? Perhaps I should implement this another way. Right now I would be using local(8) and access

I recommend that you make a distinction between inside and outside views.

- For the inside view, alias all system accounts (bin, daemon, etc) to the primary user. You don't want to throw away mail that is related to activity by local processes.

- For the outside view, set local_recipient_maps to a table that lists only accounts that are supposed to receive mail from outside the machine. There is no legitimate reason to send mail to (bin, daemon, etc) from outside.

/etc/postfix/main.cf:
    local_recipient_maps = hash:/etc/postfix/local

/etc/postfix/local:
    # bare username, not u...@domain
    foo whatever
    bar whatever
    ...

Where whatever can be any non-empty string.

http://www.postfix.org/postconf.5.html#local_recipient_maps
http://www.postfix.org/DATABASE_README.html#lists

Wietse
Re: Local Delivery Without Non-alias Usernames
On Sat, Apr 24, 2010 at 01:24:37PM +0100, Sabahattin Gucukoglu wrote:
> I'm setting up Postfix 2.6, speculatively, reading through the documentation and building my configuration. It appears that the scenario I want is somewhere between virtual and local deliveries.
>
> What I want to do: .forward support, /etc/aliases support, detail address (user-foo) support.

The latter is supported by all address classes, see recipient_delimiter.

> What I do not want: mail being delivered or accepted to bin, daemon, and other nonsense.

IME this is not a problem worth worrying about. Those might be hit when you get a dictionary attack, but not often.

> The machine is only serving me and my services, all implemented as aliases. My alias is not equal to my username, which itself doesn't get mail and doesn't want it, thank you very much. Therefore, everything is an alias, there will never be, and I don't want, deliveries for non-alias or non-.forward-style deliveries referenced through an alias.
>
> Can somebody explain if there is some right way to do this? Am I even thinking along the right lines? Perhaps I should implement this another way. Right now I would be using local(8) and access restrictions to prevent accepting mail for anything not configured in /etc/aliases, but this is somewhat awkward because it means maintaining two separate tables.

There's no way around the multiple tables that I can see, but there are numerous trivial ways to do this. Well, multiple tables is not quite right. Generally it seems like passwd(5) and one other.

1. local_recipient_maps = $alias_maps, then keep all your valid addresses in the aliases(5) file.

2. A check_recipient_access map listing the valid addresses added to smtpd_recipient_restrictions in place of reject_unauth_destination, followed by reject. This access(5) map would have entries like this:

    addr...@real.domain    permit_auth_destination

3. The virtual ALIAS example in VIRTUAL_README; list valid addresses in virtual_alias_maps; put the real Internet domain in virtual_alias_domains, and put only localhost, localhost.$mydomain in mydestination. Your virtual_alias_maps entries are as such:

    al...@real.domain    usern...@localhost

Among many. I would probably choose #3.

Please do also check the BASIC_CONFIGURATION_README and ensure that everything mentioned in there is set as you need (or is fine with default settings.)

--
Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: Local Delivery Without Non-alias Usernames
On 24 Apr 2010, at 13:57, Wietse Venema wrote:
> Sabahattin Gucukoglu:
> > I'm setting up Postfix 2.6, speculatively, reading through the documentation and building my configuration. It appears that the scenario I want is somewhere between virtual and local deliveries.
> >
> > What I want to do: .forward support, /etc/aliases support, detail address (user-foo) support.
> >
> > What I do not want: mail being delivered or accepted to bin, daemon, and other nonsense.
> >
> > The machine is only serving me and my services, all implemented as aliases. My alias is not equal to my username, which itself doesn't get mail and doesn't want it, thank you very much. Therefore, everything is an alias, there will never be, and I don't want, deliveries for non-alias or non-.forward-style deliveries referenced through an alias.
> >
> > Can somebody explain if there is some right way to do this? Am I even thinking along the right lines? Perhaps I should implement this another way. Right now I would be using local(8) and access
>
> I recommend that you make a distinction between inside and outside views.
>
> - For the inside view, alias all system accounts (bin, daemon, etc) to the primary user. You don't want to throw away mail that is related to activity by local processes.
>
> - For the outside view, set local_recipient_maps to a table that lists only accounts that are supposed to receive mail from outside the machine. There is no legitimate reason to send mail to (bin, daemon, etc) from outside.
>
> /etc/postfix/main.cf:
>     local_recipient_maps = hash:/etc/postfix/local
>
> /etc/postfix/local:
>     # bare username, not u...@domain
>     foo whatever
>     bar whatever
>     ...
>
> Where whatever can be any non-empty string.
>
> http://www.postfix.org/postconf.5.html#local_recipient_maps
> http://www.postfix.org/DATABASE_README.html#lists

Okay, this looks great, but I have clearly missed a beat here, that check is being done in smtpd. Does this mean that recipient_delimiter is checked in smtpd as well as in the delivery agent itself? That's how LOCAL_RECIPIENT_README looks to me. Because if it does, I'm made. :-)

I'm clearly spoiled, coming from sendmail.

Cheers,
Sabahattin
Re: Local Delivery Without Non-alias Usernames
Sabahattin Gucukoglu:
> On 24 Apr 2010, at 13:57, Wietse Venema wrote:
> > Sabahattin Gucukoglu:
> > > I'm setting up Postfix 2.6, speculatively, reading through the documentation and building my configuration. It appears that the scenario I want is somewhere between virtual and local deliveries.
> > >
> > > What I want to do: .forward support, /etc/aliases support, detail address (user-foo) support.
> > >
> > > What I do not want: mail being delivered or accepted to bin, daemon, and other nonsense.
> > >
> > > The machine is only serving me and my services, all implemented as aliases. My alias is not equal to my username, which itself doesn't get mail and doesn't want it, thank you very much. Therefore, everything is an alias, there will never be, and I don't want, deliveries for non-alias or non-.forward-style deliveries referenced through an alias.
> > >
> > > Can somebody explain if there is some right way to do this? Am I even thinking along the right lines? Perhaps I should implement this another way. Right now I would be using local(8) and access
> >
> > I recommend that you make a distinction between inside and outside views.
> >
> > - For the inside view, alias all system accounts (bin, daemon, etc) to the primary user. You don't want to throw away mail that is related to activity by local processes.
> >
> > - For the outside view, set local_recipient_maps to a table that lists only accounts that are supposed to receive mail from outside the machine. There is no legitimate reason to send mail to (bin, daemon, etc) from outside.
> >
> > /etc/postfix/main.cf:
> >     local_recipient_maps = hash:/etc/postfix/local
> >
> > /etc/postfix/local:
> >     # bare username, not u...@domain
> >     foo whatever
> >     bar whatever
> >     ...
> >
> > Where whatever can be any non-empty string.
> >
> > http://www.postfix.org/postconf.5.html#local_recipient_maps
> > http://www.postfix.org/DATABASE_README.html#lists
>
> Okay, this looks great, but I have clearly missed a beat here, that check is being done in smtpd. Does this mean that recipient_delimiter is checked in smtpd as well as in the delivery agent itself? That's how LOCAL_RECIPIENT_README looks to me. Because if it does, I'm made. :-)
>
> I'm clearly spoiled, coming from sendmail.

If something looks up an address in some table, then it will look up both the extended and unextended version. Otherwise, either some mail would be lost, or some barrier would be skipped.

Wietse
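
The lookup behaviour described in the reply above, as an added illustration that is not part of the thread and is not Postfix code: a simplified Python model of checking a recipient against the "outside view" table with both the extended and unextended forms of the address. The domain example.com, the "-" delimiter, the table contents and the function names are assumptions made for the example, and real Postfix has special cases that this model leaves out.

```python
# Simplified model of an SMTP-time lookup in a local recipient table.
# Added illustration with constructed data; this is not Postfix source code.

RECIPIENT_DELIMITER = "-"                     # assumption: "user-foo" detail addresses
LOCAL_DOMAINS = {"example.com", "localhost"}  # assumption: stands in for mydestination

# Constructed stand-in for /etc/postfix/local (the "outside view").
# Only the keys matter; the right-hand side is any non-empty string.
LOCAL_RECIPIENTS = {"foo": "whatever", "bar": "whatever"}


def candidate_keys(address):
    """Return the lookup keys for an address, extended forms before unextended."""
    localpart, at, domain = address.strip().lower().rpartition("@")
    if not (at and localpart and domain):
        raise ValueError("expected localpart@domain: %r" % address)
    base, sep, ext = localpart.partition(RECIPIENT_DELIMITER)
    has_ext = bool(base and sep and ext)
    keys = [localpart + "@" + domain]
    if has_ext:
        keys.append(base + "@" + domain)
    if domain in LOCAL_DOMAINS:
        # Bare usernames are only meaningful for domains the machine is final for.
        keys.append(localpart)
        if has_ext:
            keys.append(base)
    keys.append("@" + domain)  # wildcard entry for a whole domain
    return keys


def check_recipient(address, table=LOCAL_RECIPIENTS):
    """Return (accepted, matched_key); reject when no candidate key is listed."""
    for key in candidate_keys(address):
        if key in table:
            return True, key
    return False, None


if __name__ == "__main__":
    for rcpt in ("foo@example.com", "foo-lists@example.com",
                 "bin@example.com", "daemon-x@example.com"):
        accepted, key = check_recipient(rcpt)
        print("%-24s %s" % (rcpt, "accept via %r" % key if accepted else "reject"))
```

System accounts such as bin and daemon are rejected here only because they are absent from the table, which is why they can still be aliased to the primary user for locally generated mail.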