[clue-admin] More Postfixing

Jed S. Baer cluemail at jbaer.cotse.net
Sat Jul 26 11:36:29 MDT 2008 

On Thu, 24 Jul 2008 06:24:39 -0600
David L. Anselmi wrote:

> >> I think if they weren't in aliases mail would get accepted for them
> >> and put on the spool.  The aliases are a way to send mail to those
> >> users to an account that might get read.
> > 
> > Okay, 90% was the wrong figure. But some of them really don't exist
> > in /etc/passwd.
> 
> Sounds like CentOS doesn't manage aliases very well.

I assume it's just a big catch-all aliases file, sort of a
one-size-fits-all approach. Of the 72, 45 did not match a real account.

> So if there's no account for an alias, just delete it.  Mail will be 
> rejected at SMTP (and if it isn't then our config needs fixing).

Yep. Whut I just did.
 
> I see you can alias to /dev/null so for the entries that do match 
> accounts you can do that.  (Mail will get accepted for those users but 
> that may be easier than figuring out how to reject it.)

Yeah, I've done that. Technically, it violates an RFC, but I don't
actually care about that with flaming intensity.

> >> So what you really want is a way to tell postfix "these users don't 
> >> exist" even though they have entries in the passwd file.
> >>
> >> It looks like some clues are here:
> >>
> >> http://www.postfix.org/LOCAL_RECIPIENT_README.html
> > 
> > Well, sort of. That's actually coming at "these users don't exist"
> > from the backside, by not specifying them as users that *do* exist.
> > Which will work. Main thing would be that if we add, e.g., another
> > mailing list, then someone has to remember to put all the Mailman
> > aliases into the local recipient list.
> 
> Maybe not.  If you use $alias_maps and that comes from the alias file
> it will already be done.  Even so you already have to add them to
> aliases so it's easy to put a reminder there.  (Exim is more elegant
> about mailman lists.)

I'll have to come back to that and think some more. In the short term,
once the non-account aliases were gone, I figured it wasn't too bad to
restrict the rest to local-only mail using the accessdb.

> At SMTP time you use the values in the SMTP, not the message.

And headers, if you want to, and even the body, but the docs recommend
against doing too much of that due to the increased time it takes to
process incoming mail. Yes, Postfix lets you do that. I'm doing a small
amount of it, but eventually will let Spamassasin handle most of those
chores. Gotta get the RBL lookups in place first.

> > Part of what I hope to do is not generate bounces, because that could
> > backfire into a ton of backscatter spam.
> 
> I don't think that will happen.  But it's easy to test.

Well, I'll find out soon enough, I guess.

jed

More information about the clue-admin mailing list