[CentOS] restrict postfix to only certain users getting incoming mail

Tue Mar 6 05:21:27 UTC 2012
Les Mikesell <lesmikesell at gmail.com>

On Mon, Mar 5, 2012 at 10:50 PM, Bob Hoffman <bob at bobhoffman.com> wrote:
> Perhaps I am trying to do the impossible.
> centos6, spamassassin, procmail, dovecot, postfix.
>
> Postfix, by default, accepts all incoming mail to any user listed in the
> shadow/passwd and alias files.
>
> I cannot find a way to stop that without manually blocking each non
> wanted user (like nobody, apache) without killing local delivery.
>
> For most of the users listed in those files, who cares. However for one,
> root, this is a massive issue.
>
> Root gets a lot of mail from errors on the system. Preventing local
> delivery (or through the alias file, delivery through root to another
> user) makes root never receive those important mails.
>
> Not preventing root from incoming mails means root at example.com can be
> slammed with spam.
>
> Local and external mail all seem to go through all of the programs
> (postfix, procmail, spamassassin, dovecot).
>
> Local delivery of mails is needed for root.
>
>
> What I would like is to just tell postfix to only allow incoming mail
> for user1 and user2 and reject all...but only from external sources, not
> locally sent mail.
>
> Postfix does seem to allow you to limit who can send mail out of the
> server though...
>
> I have 2 books on postfix here and spent many days online but I do not
> see the solution short of /dev/null or reject of all mail, local or
> external, of root.

The approach I always liked with sendmail was to have a separate
machine  facing the internet to receive mail for the domain with no
local users of its own using either aliases or virtusers to forward
accepted messages to the internal delivery host(s).    A virtual
machine would work if you don't have enough traffic (or spam) to keep
a real server busy.

-- 
    Les Mikesell
      lesmikesell at gmail.com