relay_recipient_maps for postfix

Hi,

  I think you want to use the postfix
reject_unverified_recipient command.
See http://www.postfix.org/ADDRESS_VERIFICATION_README.ht
ml.... The
reject_unverified_recipient will probe the downstream
postoffice to see if
the recipient is a valid one... and if not then reject the
message with a
450 (or 550 if you also use unverified_recipient_reject_code
= 550)...

Dave
************************************************************
***************
On Mon, 21 Aug 2006, Dan OConnor wrote:

> Hi All,
>
> I setup a script to pull a list of users from the Maia
db and use it for
> postfix for the relay_recipient_maps so it will reject
mail coming into
> the system that is not going to a valid mailbox. I have
spent the last
> couple weeks looking for something to do it, but either
I am oblivious
> to the utterly obvious and did not see it listed
anywhere or I just was
> not asking Google the right questions.  I am hardly an
expert so if you
> see anything missing or have idea give me a shout.
>
>
>
> =====================================================
>
>
>
> First in your main.cf file add this to the bottom.
>
> relay_recipient_maps =
hash:/etc/postfix/relay_recipients
>
>
>
> Also add this line, it can help to stop DOS attacks,
got it from the
> list, I can't remember who though, but thanks!
>
> unverified_recipient_reject_code = 550
>
>
>
> Do not restart postfix just yet 
>
> Go to your scripts dir in Maia and create a new file
called 'list' and
> add this to it.
>
>
>
> email
>
> yourdomain.com
>
> .
>
>
>
> You can also add any other domains you have in maia
here.
>
> Next make a new file called 'exportemail'
>
>
>
> #! /bin/bash
>
>
#########################################################
>
> # ExportEmail
>
> # -- Created By Dan O, Aug 21st 2006 --
>
> # Legacyboy at gmail dot com
>
> # This will export a list of users from the Maia
>
> # MySQL DB and creat the relay_recipients file
>
> # for Postfix.
>
>
########################################################
>
>
>
>
>
> ##Get the list of users from MySQL
>
>
>
> echo "select email from users;" | mysql -u
user -ppassword -D maia >
> dump
>
>
>
> ##Now remove the lines of Junk at the top
>
>
>
> IFS=$'\n'
>
> for NAME in $(cat list)
>
> do
>
> sed -i "\|^$NAME\$|d" dump
>
> done
>
>
>
> ##Add a OK to the end of each address
>
>
>
> sed 's/$/ OK/g' dump > relay_recipients
>
>
>
> ## Remove the dump file
>
> rm dump
>
>
>
> #Move the file to the /etc/postfix dir
>
> cp relay_recipients /etc/postfix/relay_recipients
>
> rm relay_recipients
>
> #Now we need to postmap the file so postfix can read
it.
>
> postmap /etc/postfix/relay_recipients
>
>
>
> ##-Fin-##
>
>
>
>
>
> Don't forget to chmod a+x the file.
>
> Then you can give it a run, check the final file in
/etc/postfix/ it
> should look like this
>
> emaildomain.com OK
>
> email2domain.com OK
>
> email3domain.com OK
>
> etc...
>
>
>
> If it looks good, give postfix a kick, if it breaks
just rem out those
> two lines we added.
>
>
>
> I have set mine up to run as a cron job every hour to
make sure the file
> is always up to date,
>
> Also at this point it will only run as root. (I know, I
know, I will fix
> it soon).
>
>
>
> Dan O'Connor CNA
>
> Network Support Technician
>
> St. Amant
>
> Ph: (204) 256-4301 ext. 2321
>
> Fax: (204) 254-3768
>
> Email: doconnorstamant.mb.ca
>
>
>
>
>

******* INTERNET E-MAIL CONFIDENTIALITY DISCLAIMER ********
This email and/or any documents in this transmission is
intended for the address(es) only and may contain legally
privileged or confidential information.  Any unauthorized
use, disclosure, distribution, copying or dissemination is
strictly prohibited.  If you receive this transmission in
error, please notify the sender immediately and return the
original.

St. Amant does not accept liability for any errors,
omissions, corruption or virus in the contents of this
message or any attachments that arise as a result of e-mail
transmission.

Ce courriel et tout document dans cette transmission est
destinÿÿ ÿÿ la personne ou aux personnes ÿÿ qui il est
adressÿÿ. Il peut contenir des informations ilÿÿgier ou
confidentielles. Toute utilisation, divulgation,
distribution, copie, ou diffusion non autorisÿÿe est
strictement dÿÿfendue. Si vous n'ÿÿtes pasdestinataire de
ce message, veuillez en informer l'expÿÿditeur
immÿÿdiatement et lui remettre l'original.

St. Amant ne prend aucune responsabilitÿÿ d'erreurs,
omissions, corruptions ou virus compris dans le contenu de
se message ou de n'importe quels attachement qui en est le
rÿÿsultat d'une transmission de courrier ÿÿlectronique.

>
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

Dan,

That looked like it took some time!  I have an alternate way
to accomplish
this goal by using direct lookups in the MySQL db.  The
advantage of
course is that the change takes effect in real-time (Postfix
will start
accepting mail for new addresses immediately when added to
Maia instead of
having to wait an hour for the cron to run).

I will try and document all the steps, I have tested this
and it works on
my server at the moment.  This of course makes the
assumption that your
Postfix has been compiled with MySQL lookup capability.  See
below for
those steps.

Using MySQL for relay_recipient_maps

1. Create a file named /etc/postfix/mysql-recipients.cf (any
name will do)

2. Put the following content in the file, replacing the
appropriate pieces
with your info (hosts, user, password, dbname)

hosts = 127.0.0.1
user = USERNAME
password = PASSWORD
dbname = maia
query = select email from users where email like '%u\%d'

3. Save and close the file

4. Add the following entry in /etc/postfix/main.cf

relay_recipient_maps =
mysql:/etc/postfix/mysql-recipients.cf

5. postfix reload

6. You can test the query out using this command: (replace
userdomain.com
with a valid user)

postmap –q “userdomain.com”
mysql:/etc/postfix/mysql-recipients.cf

Building Postfix with MySQL support

This assumes you already have Postfix installed, and you
want to use
2.2.10 which was the latest build available when I
originally wrote these
steps.  Replace with latest version as appropriate, and
assumes you are
running on Linux with MySQL installed in the default RPM'd
location.

1. mkdir /usr/local/src
2. cd /usr/local/src
3. wget
http://www.tigertech.net/mirrors/
postfix-release/official/postfix-2.2.10.tar.gz
4. tar zxvf postfix-2.2.10.tar.gz
5. cd postfix-2.2.10
6. make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL
-I/usr/include/mysql' 'AUXLIBS=-L/usr/lib/mysql
-lmysqlclient -lz -lm'
7. make
8. make upgrade

Of course, this begs the question.. can't I do domain
lookups directly
from MySQL as well??  Of course you can!  Here are the
steps:

Using MySQL for domain lookups

1. Create a file named /etc/postfix/mysql-domains.cf (any
name will do)

2. Put the following content in the file, replacing the
appropriate pieces
with your info (hosts, user, password, dbname)

hosts = 127.0.0.1
user = USERNAME
password = PASSWORD
dbname = maia
query = select domain from maia_domains where domain like
'\%s'

3. Save and close the file

4. Add the following entry in /etc/postfix/main.cf

relay_domains = mysql:/etc/postfix/mysql-domains.cf

5. Add the following section to /etc/postfix/main.cf (or
just add the
reject_unauth_destination entry if you already have the
section, and the
spaces are VERY important after the first line, not the
number of spaces,
but the existence of at least one space at the beginning of
each line)

smtpd_recipient_restrictions
     reject_unath_destination,
     permit

6. Save and close the file

7. You can test the query result by using this command
(replace domain.com
with a domain that is actually in your database):

postmap –q “domain.com” mysql:/etc/postfix/mysql-domains.cf

Now if I could only convince Robert and David to add the
ability to
specify a transport (smarthost) in the Maia GUI, you would
be able to run
a mail filtering server for an unlimited amount of domains
without ever
having to make any changes to Postfix... nudge nudge, wink
wink...

And not to forget David's comment.. I also use that method
of address
verification, but it has it's drawbacks.  For example,

1. increased latencty while the downstream verification is
performed
2. assumption that the downstream is configured properly
(older Ensim
boxes default to accepting mail for any user even if they
don't exist
3. assumption that the next downstream server is
authoritative for that
domain (the address verification only goes one hop to check,
if there is
another MTA in the way, it won't work)

And probably others I left out...  but I still use it since
my Maia box
doesn't have every user in it since most users don't know
or don't care to
use it.

Ryan

> Hi,
>
>   I think you want to use the postfix
reject_unverified_recipient command.
> See http://www.postfix.org/ADDRESS_VERIFICATION_README.ht
ml.... The
> reject_unverified_recipient will probe the downstream
postoffice to see if
> the recipient is a valid one... and if not then reject
the message with a
> 450 (or 550 if you also use
unverified_recipient_reject_code = 550)...
>
> Dave
>
************************************************************
***************
> On Mon, 21 Aug 2006, Dan OConnor wrote:
>
>> Hi All,
>>
>> I setup a script to pull a list of users from the
Maia db and use it for
>> postfix for the relay_recipient_maps so it will
reject mail coming into
>> the system that is not going to a valid mailbox. I
have spent the last
>> couple weeks looking for something to do it, but
either I am oblivious
>> to the utterly obvious and did not see it listed
anywhere or I just was
>> not asking Google the right questions.  I am hardly
an expert so if you
>> see anything missing or have idea give me a shout.
>>
>>
>>
>>
====================================================>
>>
>>
>> First in your main.cf file add this to the bottom.
>>
>> relay_recipient_maps =
hash:/etc/postfix/relay_recipients
>>
>>
>>
>> Also add this line, it can help to stop DOS
attacks, got it from the
>> list, I can't remember who though, but thanks!
>>
>> unverified_recipient_reject_code = 550
>>
>>
>>
>> Do not restart postfix just yet 
>>
>> Go to your scripts dir in Maia and create a new
file called 'list' and
>> add this to it.
>>
>>
>>
>> email
>>
>> yourdomain.com
>>
>> .
>>
>>
>>
>> You can also add any other domains you have in maia
here.
>>
>> Next make a new file called 'exportemail'
>>
>>
>>
>> #! /bin/bash
>>
>>
#########################################################
>>
>> # ExportEmail
>>
>> # -- Created By Dan O, Aug 21st 2006 --
>>
>> # Legacyboy at gmail dot com
>>
>> # This will export a list of users from the Maia
>>
>> # MySQL DB and creat the relay_recipients file
>>
>> # for Postfix.
>>
>>
########################################################
>>
>>
>>
>>
>>
>> ##Get the list of users from MySQL
>>
>>
>>
>> echo "select email from users;" | mysql
-u user -ppassword -D maia >
>> dump
>>
>>
>>
>> ##Now remove the lines of Junk at the top
>>
>>
>>
>> IFS=$'\n'
>>
>> for NAME in $(cat list)
>>
>> do
>>
>> sed -i "\|^$NAME\$|d" dump
>>
>> done
>>
>>
>>
>> ##Add a OK to the end of each address
>>
>>
>>
>> sed 's/$/ OK/g' dump > relay_recipients
>>
>>
>>
>> ## Remove the dump file
>>
>> rm dump
>>
>>
>>
>> #Move the file to the /etc/postfix dir
>>
>> cp relay_recipients /etc/postfix/relay_recipients
>>
>> rm relay_recipients
>>
>> #Now we need to postmap the file so postfix can
read it.
>>
>> postmap /etc/postfix/relay_recipients
>>
>>
>>
>> ##-Fin-##
>>
>>
>>
>>
>>
>> Don't forget to chmod a+x the file.
>>
>> Then you can give it a run, check the final file in
/etc/postfix/ it
>> should look like this
>>
>> emaildomain.com OK
>>
>> email2domain.com OK
>>
>> email3domain.com OK
>>
>> etc...
>>
>>
>>
>> If it looks good, give postfix a kick, if it breaks
just rem out those
>> two lines we added.
>>
>>
>>
>> I have set mine up to run as a cron job every hour
to make sure the file
>> is always up to date,
>>
>> Also at this point it will only run as root. (I
know, I know, I will fix
>> it soon).
>>
>>
>>
>> Dan O'Connor CNA
>>
>> Network Support Technician
>>
>> St. Amant
>>
>> Ph: (204) 256-4301 ext. 2321
>>
>> Fax: (204) 254-3768
>>
>> Email: doconnorstamant.mb.ca
>>
>>
>>
>>
>>
>
>
>
>
> ******* INTERNET E-MAIL CONFIDENTIALITY DISCLAIMER
********
> This email and/or any documents in this transmission is
intended for the
> address(es) only and may contain legally privileged or
confidential
> information.  Any unauthorized use, disclosure,
distribution, copying or
> dissemination is strictly prohibited.  If you receive
this transmission in
> error, please notify the sender immediately and return
the original.
>
> St. Amant does not accept liability for any errors,
omissions, corruption
> or virus in the contents of this message or any
attachments that arise as
> a result of e-mail transmission.
>
> Ce courriel et tout document dans cette transmission
est destinÿÿ ÿÿ la
> personne ou aux personnes ÿÿ qui il est adressÿÿ. Il
peut contenir des
> informations ilÿÿgier ou confidentielles. Toute
utilisation, divulgation,
> distribution, copie, ou diffusion non autorisÿÿe est
strictement
> dÿÿfendue. Si vous n'ÿÿtes pasdestinataire de ce
message, veuillez en
> informer l'expÿÿditeur immÿÿdiatement et lui remettre
l'original.
>
> St. Amant ne prend aucune responsabilitÿÿ d'erreurs,
omissions,
> corruptions ou virus compris dans le contenu de se
message ou de n'importe
> quels attachement qui en est le rÿÿsultat d'une
transmission de courrier
> ÿÿlectronique.
>
>
>>
> _______________________________________________
> Maia-users mailing list
> Maia-usersrenaissoft.com
> http://www.renaissoft.com/mailman/listinfo/maia-users
>

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

relay_recipient_maps for postfix

Thread: relay_recipient_maps for postfix