From: "Zachary Burns" on
Can you also do something like *@*.ru and *@*.tw (bounce all mail from
Russian, Taiwan spammers, etc)

Zack

-----Original Message-----
From: owner-postfix-users(a)postfix.org
[mailto:owner-postfix-users(a)postfix.org] On Behalf Of Wietse Venema
Sent: Tuesday, May 25, 2010 12:37 PM
To: Postfix users
Subject: Re: wildcard domains

Phil Howard:
> On Tue, May 25, 2010 at 10:36, Wietse Venema <wietse(a)porcupine.org> wrote:
>
> > Postfix supports wildcards via regexp/pcre tables.
> >
> > 1) You can use them for all the tables that define Postfix address
> >    classes: mydestination + aliases, virtual_alias_domains +
> >    virtual_alias_maps, virtual_mailbox_domains + virtual_mailbox_maps,
> >    relay_domains + relay_recipient_maps.
> >
> >    Simply replacing one domain name by another does not produce the
> >    expected result.
>
> That's what I'm afraid of ... particularly if it can result in
> backscatter or open relay. I need to get the test of the valid user
> done at RCPT time, obviously. But the addressed domain could be
> foobar.example.com or xyzzy.example.com or anything else in front of
> the domain, without me knowing what these could be in advance. So I
> can't just have a table of all possible valid user(a)hostpart.domain. I
> can have all valid user(a)domain even though RCPT can name
> user(a)hostpart.domain.

Postfix supports wildcards via regexp/pcre tables:
/^user@.*\.example\.com$/ will match the user in any subdomain of
example.com.

> > 2) Postfix 2.7 supports SMTP command rewriting (smtpd_command_filter)
> >    However this would produce an incorrect error message:
> >
> >    RCPT TO:<user(a)foo.example.com>
> >        smtpd_command_filter strips this to ``RCPT TO:<user(a)example.com>''
> >        The Postfix SMTP server then responds with:
> >    550 5.1.1 <user(a)example.com> User unknown

In this example, the user really does not exist. Postfix does not
produce an error message when user(a)example.com exists.

Wietse

From: Glenn English on

On May 25, 2010, at 11:01 AM, Zachary Burns wrote:

> Can you also do something like *@*.ru and *@*.tw (bounce all mail from
> Russian, Taiwan spammers, etc)

I have:

> ru REJECT *.ru rejected by sender_checks
> .ru REJECT *.ru rejected by sender_checks

in my sender checks. I think there was (is?) a need for the double entry (one with '.'), so my shell script just enters it twice. Works. Except that it rejects Russian spammers only when the Mail From header says they're from a .ru. Something similar in client checks works when they claim to be gmail, but their IP says they're .ru. And this works only if there's an inverse lookup.

I think.

--
Glenn English
ghe(a)slsware.com

From: Ansgar Wiechers on
On 2010-05-25 Glenn English wrote:
> On May 25, 2010, at 11:01 AM, Zachary Burns wrote:
>> Can you also do something like *@*.ru and *@*.tw (bounce all mail
>> from Russian, Taiwan spammers, etc)
>
> I have:
>
>> ru REJECT *.ru rejected by sender_checks
>> .ru REJECT *.ru rejected by sender_checks
>
> in my sender checks. I think there was (is?) a need for the double
> entry (one with '.')

That's controlled by presence/absence of the string smtpd_access_maps in
$parent_domain_matches_subdomains. See "man 5 access".

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky

From: Phil Howard on
On Tue, May 25, 2010 at 12:37, Wietse Venema <wietse(a)porcupine.org> wrote:
> Phil Howard:
>> On Tue, May 25, 2010 at 10:36, Wietse Venema <wietse(a)porcupine.org> wrote:
>>
>> > Postfix supports wildcards via regexp/pcre tables.
>> >
>> > 1) You can use them for all the tables that define Postfix address
>> >    classes: mydestination + aliases, virtual_alias_domains +
>> >    virtual_alias_maps, virtual_mailbox_domains + virtual_mailbox_maps,
>> >    relay_domains + relay_recipient_maps.
>> >
>> >    Simply replacing one domain name by another does not produce the
>> >    expected result.
>>
>> That's what I'm afraid of ... particularly if it can result in
>> backscatter or open relay.  I need to get the test of the valid user
>> done at RCPT time, obviously.  But the addressed domain could be
>> foobar.example.com or xyzzy.example.com or anything else in front of
>> the domain, without me knowing what these could be in advance.  So I
>> can't just have a table of all possible valid user(a)hostpart.domain.  I
>> can have all valid user(a)domain even though RCPT can name
>> user(a)hostpart.domain.
>
> Postfix supports wildcards via regexp/pcre tables:
> /^user@.*\.example\.com$/ will match the user in any subdomain of
> example.com.

But this is still going to be a big table with individual entries for all users?


>
>> > 2) Postfix 2.7 supports SMTP command rewriting (smtpd_command_filter)
>> >    However this would produce an incorrect error message:
>> >
>> >    RCPT TO:<user(a)foo.example.com>
>> >        smtpd_command_filter strips this to ``RCPT TO:<user(a)example.com>''
>> >        The Postfix SMTP server then responds with:
>> >    550 5.1.1 <user(a)example.com> User unknown
>
> In this example, the user really does not exist. Postfix does not
> produce an error message when user(a)example.com exists.

But if I just use a pattern for "user", it's going to look valid no
matter what username is mailed to, and my server becomes a backscatter
source. So I need to have the user in there, it seems. Same problem
as my other need to translate a domain.

From: Wietse Venema on
Phil Howard:
> On Tue, May 25, 2010 at 12:37, Wietse Venema <wietse(a)porcupine.org> wrote:
> > Phil Howard:
> >> On Tue, May 25, 2010 at 10:36, Wietse Venema <wietse(a)porcupine.org> wrote:
> >>
> >> > Postfix supports wildcards via regexp/pcre tables.
> >> >
> >> > 1) You can use them for all the tables that define Postfix address
> >> >    classes: mydestination + aliases, virtual_alias_domains +
> >> >    virtual_alias_maps, virtual_mailbox_domains + virtual_mailbox_maps,
> >> >    relay_domains + relay_recipient_maps.
> >> >
> >> >    Simply replacing one domain name by another does not produce the
> >> >    expected result.
> >>
> >> That's what I'm afraid of ... particularly if it can result in
> >> backscatter or open relay.  I need to get the test of the valid user
> >> done at RCPT time, obviously.  But the addressed domain could be
> >> foobar.example.com or xyzzy.example.com or anything else in front of
> >> the domain, without me knowing what these could be in advance.  So I
> >> can't just have a table of all possible valid user(a)hostpart.domain.  I
> >> can have all valid user(a)domain even though RCPT can name
> >> user(a)hostpart.domain.
> >
> > Postfix supports wildcards via regexp/pcre tables:
> > /^user@.*\.example\.com$/ will match the user in any subdomain of
> > example.com.
>
> But this is still going to be a big table with individual entries
> for all users?

You need one table entry per user somewhere, otherwise you can't
reject mail for users that don't exist.

> >> > 2) Postfix 2.7 supports SMTP command rewriting (smtpd_command_filter)
> >> >    However this would produce an incorrect error message:
> >> >
> >> >    RCPT TO:<user(a)foo.example.com>
> >> >        smtpd_command_filter strips this to ``RCPT TO:<user(a)example.com>''
> >> >        The Postfix SMTP server then responds with:
> >> >    550 5.1.1 <user(a)example.com> User unknown
> >
> > In this example, the user really does not exist. Postfix does not
> > produce an error message when user(a)example.com exists.
>
> But if I just use a pattern for "user", it's going to look valid no
> matter what username is mailed to, and my server becomes a backscatter
> source. So I need to have the user in there, it seems. Same problem
> as my other need to translate a domain.

In the example, Postfix replaces the domain in the RCPT TO command,
pretends that the client sends "RCPT TO:<user(a)example.com>".

You still need one table entry per user somewhere, otherwise you
can't reject mail for users that don't exist.

Wietse
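
[Added example, not part of the thread and not code from any poster or from Postfix: a generator for the "one table entry per user" regexp table discussed above, using the pattern form /^user@.*\.example\.com$/ quoted in the thread. The user list, the "OK" right-hand side and the function names are assumptions; lookup() only approximates a regexp-table lookup with Python's re module.]

```python
import re

# Local parts this sketch is willing to emit; anything else is refused
# rather than risk an unescaped metacharacter or a stray "/" delimiter.
SAFE_LOCAL = re.compile(r"[A-Za-z0-9._+-]+")

def rx_escape(text):
    """Backslash-escape everything except letters, digits, '_' and '-'."""
    return re.sub(r"[^A-Za-z0-9_-]", lambda m: "\\" + m.group(0), text)

def build_table(users, domain):
    """One regexp-table line per valid user, matching any subdomain."""
    lines = []
    for user in sorted(set(users)):
        if not SAFE_LOCAL.fullmatch(user):
            raise ValueError(f"refusing unusual local part: {user!r}")
        # "OK" is a placeholder right-hand side (assumption).
        lines.append(f"/^{rx_escape(user)}@.*\\.{rx_escape(domain)}$/ OK")
    return lines

def lookup(table, rcpt):
    """Approximate a regexp-table lookup: first matching line wins,
    matching is case-insensitive, no match means 'recipient unknown'."""
    for line in table:
        pattern, _, result = line.rpartition("/ ")
        if re.search(pattern[1:], rcpt, re.IGNORECASE):
            return result
    return None

# Constructed sample data: two valid users under example.com.
USERS = ["alice", "bob.smith"]
TABLE = build_table(USERS, "example.com")

if __name__ == "__main__":
    print("\n".join(TABLE))
    for rcpt in ("alice@foobar.example.com",       # valid user, any subdomain
                 "nosuchuser@xyzzy.example.com",   # unknown user: reject at RCPT
                 "bobxsmith@foo.example.com",      # '.' is escaped: no match
                 "alice@foo.example.com.evil.test"):  # '$' anchor: no match
        print(f"{rcpt:36} -> {lookup(TABLE, rcpt)}")
```

Because every line names a specific user, an unknown local part finds no entry and can be refused at RCPT time; a single pattern such as /^.*@.*\.example\.com$/ would accept every recipient and bring back the backscatter problem raised in the thread.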