3

I have a Postfix installation on a single machine which is the sole final mail destination for:

  1. The hostname of the machine (mail.example.org) and localhost
  2. Mailman lists on lists.example.org
  3. A number of virtual domains

The relevant settings in main.cf are:

myhostname = mail.example.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mydestination = localhost, $myorigin
relay_domains = $mydestination, lists.example.org
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Virtual domains
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailboxes
virtual_alias_maps = hash:/etc/postfix/virtual_aliases
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

# mailman configuration
mailman_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport

smtpd_relay_restrictions = permit_mynetworks,
  reject_invalid_hostname,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unauth_destination,
  reject_unlisted_recipient,
  reject_rbl_client zen.spamhaus.org,
  permit

At present, mail for lists.example.org is routed to Mailman through the following transport_maps setting:

lists.example.org mailman:

This works, but it means that if an email is sent to an unknown list, the message is accepted by Postfix and then bounced when it is processed by Mailman. For several reasons -- particularly reducing backscatter and rejecting mail as early as possible -- I want Postfix to reject mail as soon as it sees a RCPT TO which matches @lists.example.org and doesn't correspond to a Mailman list.

I think I can achieve this result by creating a file containing all the Mailman list aliases and specifying this as relay_recipient_maps in main.cf. However, my understanding is that relay_recipient_maps applies to relay_domains, and I don't want $mydestination addresses to be affected.

So my two related questions are:

  1. Should I remove $mydestination from relay_domains, and if I do will my existing aliases continue to work?
  2. If relay_domains is set to lists.example.org, will relay_recipient_maps achieve the result I want?

Alternatively, if there's a way for Postfix to query Mailman and get a response before accepting the mail for delivery (perhaps with a before-queue filter - this is how I handle mail to SpamAssassin), that would also achieve what I want.

Thanks in advance. :-)

pwaring
  • 209
  • 2
  • 7
  • 1
    In my understanding of postfix, `$mydestination` should be removed from `relay_domains`, domains should only be listed once in the lists for locally handled domains. And for 2) I'd say yes. – sebix Nov 11 '15 at 20:17

1 Answers1

0

Took me a while to get round to doing this, but the steps I followed were:

  1. Remove $mydestination from relay_domains.
  2. Add a list of all Mailman aliases to a hashed file called /etc/postfixo/relay_recipient_maps.
  3. Added: relay_recipient_maps = hash:/etc/postfix/relay_recipient_maps to main.cf

Emails to non-existent lists are now rejected as part of the initial SMTP transaction, before any spam checking is done and before the mail is handed over to Mailman.

pwaring
  • 209
  • 2
  • 7