Perhaps I am trying to do the impossible. centos6, spamassassin, procmail, dovecot, postfix.
Postfix, by default, accepts all incoming mail to any user listed in the shadow/passwd and alias files.
I cannot find a way to stop that without manually blocking each non wanted user (like nobody, apache) without killing local delivery.
For most of the users listed in those files, who cares. However for one, root, this is a massive issue.
Root gets a lot of mail from errors on the system. Preventing local delivery (or through the alias file, delivery through root to another user) makes root never receive those important mails.
Not preventing root from incoming mails means root@example.com can be slammed with spam.
Local and external mail all seem to go through all of the programs (postfix, procmail, spamassassin, dovecot).
Local delivery of mails is needed for root.
What I would like is to just tell postfix to only allow incoming mail for user1 and user2 and reject all...but only from external sources, not locally sent mail.
Postfix does seem to allow you to limit who can send mail out of the server though...
I have 2 books on postfix here and spent many days online but I do not see the solution short of /dev/null or reject of all mail, local or external, of root.
perplexed.
On 03/05/12 8:50 PM, Bob Hoffman wrote:
> I have 2 books on postfix here and spent many days online but I do not see the solution short of /dev/null or reject of all mail, local or external, of root.

shouldn't be hard to cook up a procmail recipe for that.
John Pierce wrote:
> On 03/05/12 8:50 PM, Bob Hoffman wrote:
>> I have 2 books on postfix here and spent many days online but I do not see the solution short of /dev/null or reject of all mail, local or external, of root.
> shouldn't be hard to cook up a procmail recipe for that.

I was working on that. However, when the local mail is sent to a local recipient, postfix gets it first and appends the domain name on it..so it is going to 'root@example.com' instead of root@localhost. So that failed for me.
The source emails seem to have this (or something like it) when root sends a mail (Postfix, from userid 0) And that could be good...for root to root.
I was thinking maybe a script that looks for 'from userid' but not a number. I get the inkling that local mail sending has that.
However, for postfix to be that completely wide open as a mail server is about enough to send me back to sendmail which never had such issues.
Seems odd that postfix itself has no mechanism to prevent mail to any user listed in the alias or passwd file. And no way to prevent root from being spammed to high heaven.
/dev/null-ing root seems to kill security even more since you cannot get important information should a service freak out.
Gonna try playing with procmail on this, but just about ready to uninstall postfix and go back to sendmail.
Everyone kept hooting up postfix as easier than sendmail and good too...however this one issue makes it light years behind sendmail for me.
Strange that postfix can very easily be made to only allow certain users to send mail out of the box but forcibly allows any user in the system to get mail sent to it... with no way to stop it.
lovely. If I come up with a solution that works, will post
On Mon, Mar 5, 2012 at 10:50 PM, Bob Hoffman bob@bobhoffman.com wrote:
> Perhaps I am trying to do the impossible. centos6, spamassassin, procmail, dovecot, postfix.
> Postfix, by default, accepts all incoming mail to any user listed in the shadow/passwd and alias files.
> I cannot find a way to stop that without manually blocking each non wanted user (like nobody, apache) without killing local delivery.
> For most of the users listed in those files, who cares. However for one, root, this is a massive issue.
> Root gets a lot of mail from errors on the system. Preventing local delivery (or through the alias file, delivery through root to another user) makes root never receive those important mails.
> Not preventing root from incoming mails means root@example.com can be slammed with spam.
> Local and external mail all seem to go through all of the programs (postfix, procmail, spamassassin, dovecot).
> Local delivery of mails is needed for root.
> What I would like is to just tell postfix to only allow incoming mail for user1 and user2 and reject all...but only from external sources, not locally sent mail.
> Postfix does seem to allow you to limit who can send mail out of the server though...
> I have 2 books on postfix here and spent many days online but I do not see the solution short of /dev/null or reject of all mail, local or external, of root.

The approach I always liked with sendmail was to have a separate machine facing the internet to receive mail for the domain with no local users of its own using either aliases or virtusers to forward accepted messages to the internal delivery host(s). A virtual machine would work if you don't have enough traffic (or spam) to keep a real server busy.
On 03/05/2012 08:50 PM, Bob Hoffman wrote:
> Perhaps I am trying to do the impossible. centos6, spamassassin, procmail, dovecot, postfix.
> Postfix, by default, accepts all incoming mail to any user listed in the shadow/passwd and alias files.
> I cannot find a way to stop that without manually blocking each non wanted user (like nobody, apache) without killing local delivery.
> For most of the users listed in those files, who cares. However for one, root, this is a massive issue.
> Root gets a lot of mail from errors on the system. Preventing local delivery (or through the alias file, delivery through root to another user) makes root never receive those important mails.
> Not preventing root from incoming mails means root@example.com can be slammed with spam.
> Local and external mail all seem to go through all of the programs (postfix, procmail, spamassassin, dovecot).
> Local delivery of mails is needed for root.
> What I would like is to just tell postfix to only allow incoming mail for user1 and user2 and reject all...but only from external sources, not locally sent mail.
> Postfix does seem to allow you to limit who can send mail out of the server though...
> I have 2 books on postfix here and spent many days online but I do not see the solution short of /dev/null or reject of all mail, local or external, of root.
> perplexed.

Postfix is incredibly flexible in what it can do. Using virtual domains gives you the most flexibility in terms of not tying local users directly to mail users. You can set up a postgres or mysql database and then define an sql query that determines dynamically what mail the smtp server will accept. For example, I have in my smtpd_recipient_restrictions:

    permit_sasl_authenticated
    permit_mynetworks
    check_recipient_access proxy:pgsql:/etc/postfix/vpm_recipient_access
    . . .

Then, in vpm_recipient_access I have the following sql query which runs dynamically each time an smtp message is transmitted:

    query=select coalesce(
        (select 'DUNNO'::text from users u
            where u.domainsname=(select coalesce(aliasedto,name) from domains where name='%d' and active)
            and u.active),
        (select 'REJECT No such domain "%d"'::text
            where '%d' NOT IN (select name from domains where active)),
        'REJECT No such user "%u" in domain "%d"'::text)

You can also define your own policy daemon, which I do as well, but the advantage of the database query above is that it is very fast and works well on a busy mail server. The policy daemon can be written in python or perl, but then the decision making process is much slower. So I try to weed out and reject as much spam using the fastest mechanisms and save the slower mechanisms for whatever can't be handled in other ways.
This is all well documented at http://www.postfix.org/ and if you install one of the many available mail packages that include postfix, they will set up all of the virtual domain stuff and provide you with a policy daemon that you can customize to your needs.
Also, check out the postfix mailing list.
Nataraj
On Mon, Mar 05, 2012 at 11:50:21PM -0500, Bob Hoffman wrote:
> What I would like is to just tell postfix to only allow incoming mail for user1 and user2 and reject all...but only from external sources, not locally sent mail.

You may use local_recipient_maps. On my home server, I have this in the postfix main.cf file:

    mydestination = $myhostname, localhost
    local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps

/etc/postfix/local_recipients contains the list of the users allowed to get mail from the external, one per line:

    user1 OK
    user2 OK
    ...

Fill it with the values needed, then run "postmap /etc/postfix/local_recipients", and reload/restart postfix.
Also, see http://www.postfix.org/LOCAL_RECIPIENT_README.html
Nicolas Kowalski wrote, Tue Mar 6 01:39:49 EST 2012:
> On Mon, Mar 05, 2012 at 11:50:21PM -0500, Bob Hoffman wrote:
>> What I would like is to just tell postfix to only allow incoming mail for user1 and user2 and reject all...but only from external sources, not locally sent mail.
> You may use local_recipient_maps. On my home server, I have this in the postfix main.cf file:
>
>     mydestination = $myhostname, localhost
>     local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps
>
> /etc/postfix/local_recipients contains the list of the users allowed to get mail from the external, one per line:
>
>     user1 OK
>     user2 OK
>     ...
>
> Fill it with the values needed, then run "postmap /etc/postfix/local_recipients", and reload/restart postfix.

For anyone reading and wanting to know, this is for centos 6, stock install of postfix. This appears to be the winning solution.
I was looking at that but could not see how to make it work. However, I think with your note on local_rec I had a working example to play with.
My server is internet facing so this example had to be modified. I will be testing for a few days, but here is what I did, and it seems to work.
main.cf:

    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

(I had to add all 4 or mail had issues or were completely rebuffed)

/etc/postfix/myusers, added two users:

    user1 OK
    user2 OK

(have to put something after each user..a space then 'something'. Postfix ignores the right side.)

Adding @domain caused all to be rejected or all to be allowed, depending on the things I tried. putting just the local user down without the @ worked good.

    postmap /etc/postfix/myusers
    service postfix restart

Here is the thing that made it work...getting rid of $alias_maps in the local_recipient_maps = hash:/etc/postfix/myusers, $alias_maps
by adding alias_maps, it will accept anything listed in there, which includes all the unix users like apache, root, etc.
ran newaliases....
seems to work.
Seems like all incoming mail bounce correctly, adding 'unknown user'. I was able to command line from my root account, sending a mail to my root account and received it.
I thought the local maps file was needed as is to allow proper authentication to send/receive mail; obviously not...
perfect solution so far Nicolas
Now my question is.... why is the default to allow all these mails?
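
The effect of dropping $alias_maps from local_recipient_maps, as described in the message above, shown as an added example that is not part of the thread: a shell audit that lists which local names the SMTP server would accept and which system accounts that exposes. It goes beyond the thread's case by also handling an unset parameter (Postfix default) and an empty one (check disabled); the function names and the ROOT directory layout are hypothetical, and $alias_maps is assumed to point at /etc/aliases.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT holds copies of etc/postfix/main.cf,
# etc/passwd and etc/aliases; $alias_maps is assumed to mean ROOT/etc/aliases.

# Effective local_recipient_maps value: last assignment wins, continuation
# lines are joined, and an unset parameter falls back to the Postfix default.
recipient_maps() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur) val = val " " $0; next }
        { cur = 0 }
        /^local_recipient_maps[ \t]*=/ { cur = seen = 1; val = $0; sub(/^[^=]*=/, "", val) }
        END { print (seen ? val : "proxy:unix:passwd.byname $alias_maps") }
    ' "$1/etc/postfix/main.cf"
}

# Names smtpd accepts for local domains; "*" means the check is disabled.
accepted_recipients() {
    root=$1
    set -- $(recipient_maps "$root" | tr ',' ' ')
    if [ $# -eq 0 ]; then echo '*'; return; fi
    for m in "$@"; do
        case $m in
            '$alias_maps') awk -F: '/^[^# \t]/ && NF > 1 { print $1 }' "$root/etc/aliases" ;;
            *unix:passwd.byname) cut -d: -f1 "$root/etc/passwd" ;;
            hash:*) awk '/^[^# \t]/ { print $1 }' "$root${m#hash:}" ;;
            *) echo "unhandled:$m" ;;
        esac
    done | sort -u
}

# Accounts below UID_MIN (500 on CentOS 6) that outside senders can reach.
exposed_system_accounts() {
    acc=" $(accepted_recipients "$1" | tr '\n' ' ')"
    awk -F: -v min="${2:-500}" -v acc="$acc" '
        $3 < min && (index(acc, " * ") || index(acc, " " $1 " ")) { print $1 }
    ' "$1/etc/passwd"
}

# Constructed sample tree; $2 is the local_recipient_maps line to test.
make_sample() {
    mkdir -p "$1/etc/postfix"
    printf '%s\n' 'mydestination = $myhostname, localhost' "$2" > "$1/etc/postfix/main.cf"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'apache:x:48:48::/var/www:/sbin/nologin' \
        'user1:x:500:500::/home/user1:/bin/bash' > "$1/etc/passwd"
    printf '%s\n' 'postmaster: root' 'apache: root' > "$1/etc/aliases"
    printf '%s\n' 'user1 OK' 'user2 OK' > "$1/etc/postfix/myusers"
}

d=$(mktemp -d) && make_sample "$d" 'local_recipient_maps = hash:/etc/postfix/myusers, $alias_maps' && exposed_system_accounts "$d"
```

On a live host, `postconf local_recipient_maps alias_maps` shows the effective values to compare against. The recipient check is applied by the SMTP server, so mail handed to the local sendmail command, such as cron output for root, is not subject to it.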
From: Bob Hoffman bob@bobhoffman.com
> Postfix, by default, accepts all incoming mail to any user listed in the shadow/passwd and alias files. I cannot find a way to stop that without manually blocking each non wanted user (like nobody, apache) without killing local delivery.

What about using /etc/postfix/access:

    root@yourdomain REJECT

Wouldn't that work?
JD