Bob Hoffman
2012-Mar-06 04:50 UTC
[CentOS] restrict postfix to only certain users getting incoming mail
Perhaps I am trying to do the impossible.
centos6, spamassassin, procmail, dovecot, postfix.

Postfix, by default, accepts all incoming mail to any user listed in the shadow/passwd and alias files.

I cannot find a way to stop that without manually blocking each non wanted user (like nobody, apache) without killing local delivery.

For most of the users listed in those files, who cares. However for one, root, this is a massive issue.

Root gets a lot of mail from errors on the system. Preventing local delivery (or through the alias file, delivery through root to another user) makes root never receive those important mails.

Not preventing root from incoming mails means root at example.com can be slammed with spam.

Local and external mail all seem to go through all of the programs (postfix, procmail, spamassassin, dovecot).

Local delivery of mails is needed for root.

What I would like is to just tell postfix to only allow incoming mail for user1 and user2 and reject all...but only from external sources, not locally sent mail.

Postfix does seem to allow you to limit who can send mail out of the server though...

I have 2 books on postfix here and spent many days online but I do not see the solution short of /dev/null or reject of all mail, local or external, of root.

perplexed.
John R Pierce
2012-Mar-06 05:03 UTC
[CentOS] restrict postfix to only certain users getting incoming mail
On 03/05/12 8:50 PM, Bob Hoffman wrote:
> I have 2 books on postfix here and spent many days online but I do not
> see the solution short of /dev/null or reject of all mail, local or
> external, of root.

Shouldn't be hard to cook up a procmail recipe for that.

--
john r pierce N 37, W 122
santa cruz ca mid-left coast
Les Mikesell
2012-Mar-06 05:21 UTC
[CentOS] restrict postfix to only certain users getting incoming mail
On Mon, Mar 5, 2012 at 10:50 PM, Bob Hoffman <bob at bobhoffman.com> wrote:
> Perhaps I am trying to do the impossible.
> centos6, spamassassin, procmail, dovecot, postfix.
>
> Postfix, by default, accepts all incoming mail to any user listed in the
> shadow/passwd and alias files.
>
> I cannot find a way to stop that without manually blocking each non
> wanted user (like nobody, apache) without killing local delivery.
>
> For most of the users listed in those files, who cares. However for one,
> root, this is a massive issue.
>
> Root gets a lot of mail from errors on the system. Preventing local
> delivery (or through the alias file, delivery through root to another
> user) makes root never receive those important mails.
>
> Not preventing root from incoming mails means root at example.com can be
> slammed with spam.
>
> Local and external mail all seem to go through all of the programs
> (postfix, procmail, spamassassin, dovecot).
>
> Local delivery of mails is needed for root.
>
> What I would like is to just tell postfix to only allow incoming mail
> for user1 and user2 and reject all...but only from external sources, not
> locally sent mail.
>
> Postfix does seem to allow you to limit who can send mail out of the
> server though...
>
> I have 2 books on postfix here and spent many days online but I do not
> see the solution short of /dev/null or reject of all mail, local or
> external, of root.

The approach I always liked with sendmail was to have a separate machine facing the internet to receive mail for the domain with no local users of its own using either aliases or virtusers to forward accepted messages to the internal delivery host(s). A virtual machine would work if you don't have enough traffic (or spam) to keep a real server busy.

--
Les Mikesell
lesmikesell at gmail.com
Nataraj
2012-Mar-06 06:31 UTC
[CentOS] restrict postfix to only certain users getting incoming mail
On 03/05/2012 08:50 PM, Bob Hoffman wrote:
> Perhaps I am trying to do the impossible.
> centos6, spamassassin, procmail, dovecot, postfix.
>
> Postfix, by default, accepts all incoming mail to any user listed in the
> shadow/passwd and alias files.
>
> I cannot find a way to stop that without manually blocking each non
> wanted user (like nobody, apache) without killing local delivery.
>
> For most of the users listed in those files, who cares. However for one,
> root, this is a massive issue.
>
> Root gets a lot of mail from errors on the system. Preventing local
> delivery (or through the alias file, delivery through root to another
> user) makes root never receive those important mails.
>
> Not preventing root from incoming mails means root at example.com can be
> slammed with spam.
>
> Local and external mail all seem to go through all of the programs
> (postfix, procmail, spamassassin, dovecot).
>
> Local delivery of mails is needed for root.
>
> What I would like is to just tell postfix to only allow incoming mail
> for user1 and user2 and reject all...but only from external sources, not
> locally sent mail.
>
> Postfix does seem to allow you to limit who can send mail out of the
> server though...
>
> I have 2 books on postfix here and spent many days online but I do not
> see the solution short of /dev/null or reject of all mail, local or
> external, of root.
>
> perplexed.

Postfix is incredibly flexible in what it can do. Using virtual domains gives you the most flexibility in terms of not tying local users directly to mail users. You can set up a postgres or mysql database and then define an sql query that determines dynamically what mail the smtp server will accept.

For example, I have in my smtpd_recipient_restrictions

    permit_sasl_authenticated
    permit_mynetworks
    check_recipient_access proxy:pgsql:/etc/postfix/vpm_recipient_access
    . . .

Then, in vpm_recipient_access I have the following sql query which runs dynamically each time an smtp message is transmitted:

    query=select coalesce(
        (select 'DUNNO'::text from users u
           where u.domainsname=(select coalesce(aliasedto,name)
                                  from domains where name='%d' and active)
             and u.active),
        (select 'REJECT No such domain "%d"'::text
           where '%d' NOT IN (select name from domains where active)),
        'REJECT No such user "%u" in domain "%d"'::text)

You can also define your own policy daemon, which I do as well, but the advantage of the database query above is that it is very fast and works well on a busy mail server. The policy daemon can be written in python or perl, but then the decision making process is much slower. So I try to weed out and reject as much spam using the fastest mechanisms and save the slower mechanisms for whatever can't be handled in other ways.

This is all well documented on the http://www.postfix.org/ and if you install one of the many available mail packages that include postfix, they will set up all of the virtual domain stuff and provide you with a policy daemon that you can customize to your needs. Also, check out the postfix mailing list.

Nataraj
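
Added example, not part of Nataraj's message or his daemon: the decision core of a Postfix policy-delegation service that refuses outside mail to any local recipient not on an allowlist while leaving authenticated and loopback senders alone. The allowlist, domain, trusted networks and reject text are assumptions; the socket server and the master.cf/main.cf wiring are left out.

```python
import ipaddress

# Assumptions for this sketch (not taken from the thread's configuration):
ALLOWED_EXTERNAL = {"user1", "user2"}   # local parts reachable from outside
LOCAL_DOMAINS = {"example.com"}         # domains delivered on this host
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]

def parse_request(raw):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return an access(5) action. DUNNO hands the decision to the later
    restrictions; OK would skip them, so it is never returned here."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    if attrs.get("sasl_username"):            # authenticated submission
        return "DUNNO"
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        client = None                         # e.g. "unknown"
    if client is not None and any(client in net for net in TRUSTED_NETS):
        return "DUNNO"                        # mail from this host itself
    local, at, domain = attrs.get("recipient", "").lower().rpartition("@")
    if not at or domain not in LOCAL_DOMAINS:
        return "DUNNO"                        # relay checks happen elsewhere
    if local in ALLOWED_EXTERNAL:
        return "DUNNO"
    return "REJECT No such user here"

def respond(raw):
    """Reply in the wire format Postfix expects: action line, blank line."""
    return "action=%s\n\n" % decide(parse_request(raw))

# Constructed sample request, as smtpd would send it at RCPT TO.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=192.0.2.10\nsasl_username=\n"
          "recipient=root@example.com\n\n")

if __name__ == "__main__":
    print(respond(SAMPLE), end="")
```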
Nicolas KOWALSKI
2012-Mar-06 06:39 UTC
[CentOS] restrict postfix to only certain users getting incoming mail
On Mon, Mar 05, 2012 at 11:50:21PM -0500, Bob Hoffman wrote:
> What I would like is to just tell postfix to only allow incoming mail
> for user1 and user2 and reject all...but only from external sources, not
> locally sent mail.

You may use local_recipient_maps. On my home server, I have this in the postfix main.cf file:

    mydestination = $myhostname, localhost
    local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps

/etc/postfix/local_recipients contains the list of the users allowed to get mail from the external, one by line:

    user1 OK
    user2 OK
    ...

Fill it with the values needed, then run "postmap /etc/postfix/local_recipients", and reload/restart postfix.

Also, see http://www.postfix.org/LOCAL_RECIPIENT_README.html

--
Nicolas
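
Added example, not part of Nicolas's message: because the local_recipient_maps line above also lists $alias_maps, every alias name is accepted from outside as well, so this audit reports each accepted name that is not on the intended list and where its mail ends up. The alias and recipient file contents below are constructed samples, and the function names are hypothetical.

```python
def parse_aliases(text):
    """aliases(5): 'name: value, value'; a line starting with whitespace
    continues the previous entry; '#' starts a comment line."""
    table, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            table[last] += [v.strip() for v in line.split(",") if v.strip()]
            continue
        name, _, rhs = line.partition(":")
        last = name.strip().lower()
        table[last] = [v.strip() for v in rhs.split(",") if v.strip()]
    return table

def parse_recipients(text):
    """Lookup keys of a 'key value' table such as local_recipients."""
    return {line.split()[0].lower() for line in text.splitlines()
            if line.strip() and not line[0].isspace()
            and not line.startswith("#")}

def reaches(name, aliases, seen=None):
    """Names an alias finally expands to; loops are cut."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    if name not in aliases:
        return {name}
    out = set()
    for target in aliases[name]:
        out |= reaches(target.lower(), aliases, seen)
    return out

def audit(recipients_text, aliases_text, intended):
    """Names smtpd accepts beyond the intended ones, with final targets."""
    aliases = parse_aliases(aliases_text)
    accepted = parse_recipients(recipients_text) | set(aliases)
    return {n: sorted(reaches(n, aliases))
            for n in sorted(accepted - set(intended))}

# Constructed samples in the style of /etc/aliases and local_recipients.
ALIASES = "# system aliases\npostmaster: root\nnobody: root\napache: root\nwebmaster: user1\n"
RECIPIENTS = "user1 OK\nuser2 OK\n"

if __name__ == "__main__":
    for name, targets in audit(RECIPIENTS, ALIASES, {"user1", "user2"}).items():
        print(name, "->", ", ".join(targets))
```

Any name reported with root as its target is a path by which outside mail still reaches root; remove that alias, or drop $alias_maps from local_recipient_maps and list the wanted aliases explicitly.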
John Doe
2012-Mar-06 10:54 UTC
[CentOS] restrict postfix to only certain users getting incoming mail
From: Bob Hoffman <bob at bobhoffman.com>
> Postfix, by default, accepts all incoming mail to any user listed in the
> shadow/passwd and alias files.
> I cannot find a way to stop that without manually blocking each non
> wanted user (like nobody, apache) without killing local delivery.

What about using /etc/postfix/access?

    root at yourdomain REJECT

Wouldn't that work?

JD