I almost have my perfect Postfix (v3.3.1) setup on CentOS8. My goals are to:

  • Allow services to send emails to Linux users. (crontab to root)
  • Do not accept public email for Linux users. ([email protected])
  • Define which users to receive public email without making Linux users for them.

I managed to accomplish the above but with one side effect I can't figure out how to prevent. Some of what I have done so far:

    myhostname = server.foobar.com
    mydomain = foobar.com
    myorigin = $myhostname
    mydestination = $myhostname, localhost
    mail_spool_directory = /var/spool/mail
    virtual_transport = virtual
    virtual_mailbox_domains = foobar.com
    virtual_mailbox_base = /var/spool/email/

This bit tells Postfix any mail sent by a service to a user gets $myhostname added ([email protected]) and it gets delivered to the standard system email in /var/spool/mail.

Any email sent to a Linux user at the domain as [email protected] gets treated as a virtual domain, looks for a virtual user and if there isn't one rejects the email.

If I add a virtual user (like webmaster) any email sent to that user ([email protected]) gets accepted and delivered to /var/spool/email/... keeping public email separate from system email.


THE Problem...

If anyone gets wise enough to send an email to the hostname ([email protected]) from the internet it gets accepted and delivered into /var/spool/mail. I can't figure out how to block this.


I have tried setting default_transport = error:Domain doesn't accept email. but that didn't change the behavior. The docs do not support this feature but I saw it mentioned in a forum so I tried it.

It is not important for me to keep Linux users as user@$myhostname, this was just the only way I could figure out how to keep Linux users separate from virtual users on the same domain name to prevent spammers from hitting [email protected], [email protected], etc.

Other config settings if important:

    html_directory = no
    local_recipient_maps =
    luser_relay = postmaster
    mail_spool_directory = /var/spool/mail
    meta_directory = /etc/postfix
    mydestination = $myhostname, localhost
    mydomain = foobar.com
    myhostname = server.foobar.com
    mynetworks_style = host
    myorigin = $myhostname
    relay_domains =
    relayhost =
    virtual_mailbox_base = /var/spool/email/
    virtual_mailbox_domains = foobar.com
    virtual_transport = virtual

Any ideas or another way to go about this?

1 Answer

I found a solution.

Keeping the myorigin = $myhostname way of separating local users from virtual users on the same domain as stated in my question.

In the smtpd_recipient_restrictions section of main.cf, after you permit_mynetworks add check_recipient_access pointing to a list. I used hash:, it looked something like:

    # Don't include the "...", it's just to show this is among other settings
    smtpd_recipient_restrictions =
        ...
        permit_mynetworks
        check_recipient_access hash:/etc/postfix/block_mydomain
        ...

Then create the list/hash file /etc/postfix/block_mydomain

    hostname.domain.com    513 Invalid domain.

Save the file and run postmap block_mydomain to create the *.db version.

Then restart Postfix (systemctl restart postfix) and that should do it.

I tested it and I can send mail using the sendmail command locally to any Linux user. Crontab can send email to local Linux users. But if you send an email from the internet to [email protected] it gets bounced. And in case you're wondering the [email protected] still gets accepted and discarded.
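
The evaluation order this answer depends on, as an added example that is not part of the original post: a simplified Python model of how smtpd walks smtpd_recipient_restrictions (first decisive result wins) and searches the access table. The loopback-only mynetworks, the client addresses, and server.foobar.com as the table key are assumptions based on the question's placeholders; the restrictions hidden behind "..." are not modelled. Mail injected with the sendmail command (cron included) never passes through smtpd, so these restrictions do not see it at all.

```python
import ipaddress

# Constructed sample values based on the question's placeholders.
# Assumption: mynetworks_style = host is modelled as loopback only.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
# Contents of /etc/postfix/block_mydomain, keyed on the value of $myhostname.
BLOCK_MYDOMAIN = {"server.foobar.com": "513 Invalid domain."}

def access_lookup(table, rcpt):
    """Simplified access(5) search order: user@domain, domain and parents, user@."""
    user, _, domain = rcpt.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{user}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{user}@")
    for key in keys:
        if key in table:
            return table[key]
    return "DUNNO"

def permit_mynetworks(client_ip, rcpt):
    ip = ipaddress.ip_address(client_ip)
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def check_recipient_access(client_ip, rcpt):
    return access_lookup(BLOCK_MYDOMAIN, rcpt)

RESTRICTIONS = [permit_mynetworks, check_recipient_access]

def evaluate(client_ip, rcpt, restrictions=RESTRICTIONS):
    """Return the first decisive result; DUNNO falls through to the next rule."""
    for rule in restrictions:
        result = rule(client_ip, rcpt)
        if result == "OK":
            return ("permit", rule.__name__)
        if result == "REJECT" or result[0] in "45":
            return ("reject", result)
    return ("dunno", "falls through to the restrictions that follow")

if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed documentation-range client address
    print(evaluate("127.0.0.1", "root@server.foobar.com"))
    print(evaluate(outside, "root@server.foobar.com"))
    print(evaluate(outside, "webmaster@foobar.com"))
    # Swapping the order rejects local SMTP clients too.
    print(evaluate("127.0.0.1", "root@server.foobar.com", RESTRICTIONS[::-1]))
```
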
