On Behalf Of Christopher Stolzenberg
Hi,
Thanks. That makes sense to me.
So I may only apply reject_unverified_recipient to the domains my Postfix is responsible for? My relay_domains?
RTFM
According to DNS, only these addresses reach you anyway. If the To contains a domain part other than the ones you are responsible for, and you were to accept and transport those messages, then you would be an open relay.
If a spammer were to do this:
MAIL FROM: xyz@spammer.com and RCPT TO: test@example.net
would my Postfix server check with the mail server of example.net whether the address test@example.net exists?
If you are responsible for example.net, i.e. listed in DNS as its MX, then yes; otherwise you would never see this mail.
Even though I have nothing at all to do with the domain example.net?
NO, not in that case (the exception would be relay attempts, but those are caught by other means)
I thought Postfix applies reject_unverified_recipient only to the relay_domains? So I have to do it with smtpd_recipient_restrictions = check_recipient_access, because I only want to check the relay_domains that belong to the company.
Nope.
check_recipient_access type:table
Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.
reject_unverified_recipient
Reject the request when mail to the RCPT TO address is known to bounce, or when the recipient address destination is not reachable. Address verification information is managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file for details.
The unverified_recipient_reject_code parameter specifies the numerical response code when an address is known to bounce (default: 450, change into 550 when you are confident that it is safe to do so).
The unverified_recipient_defer_code parameter specifies the numerical response code when an address probe failed due to a temporary problem (default: 450).
The unverified_recipient_tempfail_action parameter specifies the action after address probe failure due to a temporary problem (default: defer_if_permit).
This feature is available in Postfix 2.1 and later.
Other restrictions that are valid in this context:
Generic restrictions that can be used in any SMTP command context, described under smtpd_client_restrictions.
SMTP command specific restrictions described under smtpd_client_restrictions, smtpd_helo_restrictions and smtpd_sender_restrictions.
Example:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_unlisted_recipient (default: yes)
Request that the Postfix SMTP server rejects mail for unknown recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. This prevents the Postfix queue from filling up with undeliverable MAILER-DAEMON messages.
An address is always considered "known" when it matches a virtual(5) alias or a canonical(5) mapping.
The recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null.
The recipient domain matches $virtual_alias_domains but the recipient is not listed in $virtual_alias_maps.
The recipient domain matches $virtual_mailbox_domains but the recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps is not null.
The recipient domain matches $relay_domains but the recipient is not listed in $relay_recipient_maps, and $relay_recipient_maps is not null.
This feature is available in Postfix 2.1 and later.
Kind regards
Drießen
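
Added example, not part of the original thread and not from either poster: a main.cf fragment showing why the position of reject_unverified_recipient relative to reject_unauth_destination decides which domains get probed. The domains example.com and example.org and the table path /etc/postfix/verify_domains are assumptions chosen for illustration.

```cfg
# /etc/postfix/main.cf (constructed example)
# example.com and example.org stand in for the domains this server
# relays for (assumption).
relay_domains = example.com, example.org

# Weak ordering, shown commented out: the address probe is evaluated
# before the relay check, so verify(8) would probe recipients in domains
# this server is not responsible for before the mail is rejected.
#smtpd_recipient_restrictions =
#    reject_unverified_recipient,
#    permit_mynetworks,
#    reject_unauth_destination

# Corrected ordering: reject_unauth_destination turns away every
# recipient outside the server's own domains first, so only recipients
# in mydestination, the virtual domains and relay_domains reach the probe.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Default response code for an address known to bounce; switch to 550
# only once the verification results have proven reliable.
unverified_recipient_reject_code = 450

# Per-domain variant, shown commented out: probe only the domains listed
# in an access(5) table and leave all other local domains unprobed.
#smtpd_recipient_restrictions =
#    permit_mynetworks,
#    reject_unauth_destination,
#    check_recipient_access hash:/etc/postfix/verify_domains
#
# /etc/postfix/verify_domains (hypothetical file name; run postmap on it):
#   example.com    reject_unverified_recipient
#   example.org    reject_unverified_recipient
```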