Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Postifx should not allow Backscatter
« previous
next »
Print
Pages: [
1
]
Author
Topic: Postifx should not allow Backscatter (Read 1511 times)
jassonmc
Newbie
Posts: 24
Karma: 0
Postifx should not allow Backscatter
«
on:
August 27, 2020, 03:05:28 pm »
Hi all
Since OPNsense and it's postifx plugin act as a mail gateway and not as a final destination, it should not allow for backscatter mail.
That is; it should not accept inbound mails for recipients which do not exist on the final destination mail server.
Postfix does have a setting for that:
smtpd_recipient_restrictions =
reject_unverified_recipient
That setting tells the OPNsense postfix to not yet accept that inbound mail, but first check with the internal destination mail server if that recipient would be accepted. If yes, it will happily accept that inbound mail (when it passed all other tests ofc). If not, it will send a 5xx response and therefore actively not contributing to backscatter.
Is there a way to add that setting to the main.cf or does that require a plugin update?
There is an option in the GUI called "Enforce Recipient Relay Check", which sounds similar, but requires you to feed the "Recipients" in the postfix plugin manually, which seems to me quite error prone.
Postfix can do this automatically, no need to feed an outer postifx with acceptable recipients.
It would help tremendously if one would be able to have a custom script block in order to proivde more options for the main.cf, like the one mentioned above. That way we could also easily add custom block lists and more, if necessary.
Any input is welcome.
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Postifx should not allow Backscatter
«
Reply #1 on:
August 27, 2020, 03:24:05 pm »
as far as I understand the idea is not to allow the user to kill the opnsense with arbitrary settings (" custom script block").
but imho
reject_unverified_recipient is really desired option
im using postfiх on separate host and if i deсide to use postfix on opnsense host, i will pull request to add this option to GUI\.cf
https://github.com/opnsense/plugins/pulls
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
Postifx should not allow Backscatter