Thread: Rejecting outside "root" and "administrator" messages
View Single Post

  #3 (permalink)  
Old 02-11-2008
Bill Gee
 
Posts: n/a
Default Re: Rejecting outside "root" and "administrator" messages
Thanks for the ideas. I have put this in and it seems to work for admin and
root accounts, but postmaster is still getting through. I changed the
crontab file so that it sends directly to me instead of to root.

Here are excerpts from my config files:

===== main.cf ========================
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
check_recipient_access hash:/etc/postfix/denied-system-mailboxes,
reject_unauth_destination,
permit

===== denied-system-mailboxes =======
root REJECT
admin REJECT
postmaster REJECT
root@example.net REJECT
postmaster@example.net REJECT

==== aliases ===========
# Everything in aliases is REM'd except these three lines
MAILER-DAEMON: postmaster
admin: root
root: myaddress

Thanks for any suggestions!

Bill Gee



Christian Winter wrote:

> Bill Gee wrote:
>> About 90% of the spam coming into my server is addressed to either root
>> or
>> administrator. I understand these two addresses are required, but I'm
>> tired of the spam. I would simply remove them entirely except that
>> various cron jobs running on my server use them.
>>
>> Is there a way to reject messages addressed to either root or
>> administrator which do not originate inside my network?
>
> Simply adapt your smtpd_recipient_restrictions to first allow
> your local networks, then reject mail to your system mailboxes.
> Postfix always executes the listed restrictions in the order they
> are specified.
>
> smtpd_XXX_restrictions only apply to real SMTP deliveries,
> so local mail delivery via the sendmail binary (like from cron)
> isn't affected by them. Here's a short example:
>
> smtpd_recipient_restrictions =
> permit_mynetworks
> check_recipient_access hash:/etc/postfix/denied_system_maiboxes
> reject_unauth_destination
>
> Then create+postmap /etc/postfix/denied_system_mailboxes:
> root REJECT
> administrator REJECT
>
> -Chris

--
Bill Gee

There are no 'X' chars in my email address.
Reply With Quote