Ping a Specific Port

Question

Jeff

Asked: 2013-07-09 05:33:32 +0800 CST2013-07-09 05:33:32 +0800 CST 2013-07-09 05:33:32 +0800 CST

How to stop Postfix from accepting mail to [email protected]

772

How can I stop Postfix from accepting mail to local-users @ my-FQDN from the outside world?

$ hostname -f
hostname.example.com

Postfix is accepting mail to any-local-user at my-FQDN. So we'll use [email protected] as the example local user I want to stop receiving mail for from the outside world.

I have a pretty basic Postfix/Dovecot/SASL/LDA setup, but let me share some of the details.

Receive mail for virtual local domains/users on :25
Virtual users send mail on :587 authenticated via Dovecot SASL

I've tried reversing users in /etc/aliases and Postfix's virtual_alias_maps.cf, but no luck. I've run newaliases and postmap after updating them.

#/etc/aliases:
#root: [email protected]

#/etc/postfix/virtual_alias_maps.cf:
root [email protected]

I think I have FOUR* (updated) choices left...

In postfix/main.cf, mess with mydestination. I'm pretty sure I need to keep my FQDN here, so I don't think removing it is a good option. EDIT: Yes, although removing your FQDN from mydestination disables the outside world from sending mail to local users, this is not the proper way to disable it because that hoses other things.
In postfix/main.cf, is there a setting for smtpd_recipient_restrictions to disable this? I can't find one in the docs.
Hope that someone reads this who knows the right way.

Here is the relevant part of my Postfix main.cf:

myhostname = hostname.example.com
mydomain = example.com
mydestination = $myhostname, localhost.$mydomain, localhost

smtpd_recipient_restrictions =
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    permit_mynetworks,
    permit

Here is the relevant part of my Postfix master.cf:

submission inet n       -       -       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_recipient_restrictions=
     reject_unknown_recipient_domain,
     reject_non_fqdn_recipient,
     permit_sasl_authenticated,
     reject

P.S. Here is the HowTo I took a lot of my setup from: VirtualUserFlatFilesPostfix

2 Answers

Voted

ALex_hha · Answer 1 · 2013-07-10T03:13:46+08:00

Best Answer

ALex_hha

2013-07-10T03:13:46+08:002013-07-10T03:13:46+08:00

Just remove $myhostname from mydestination and restart postfix

3

NickW · Answer 2 · 2013-07-09T06:21:11+08:00

NickW

2013-07-09T06:21:11+08:002013-07-09T06:21:11+08:00

You mention smtp_recipient_restrictions, have you actually tried adding the line check_recipient_access hash:/etc/postfix/recipient_access?

Place it as the first line before reject_unknown_recipient_domain, then in /etc/postfix/recipient_access add the line:

[email protected] REJECT

(don't forget to postmap /etc/postfix/recipient_access)

BTW, the postmaster address should always be available, but I have never seen an RFC that said that root had to be available, although I haven't read every single RFC that relates to SMTP.

1

How to stop Postfix from accepting mail to [email protected]

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?