D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] mail filtering

 

mike@xxxxxxxxxxxxx wrote:
> 
> What do others do? 

Always configure recipient validation before completing the SMTP
transaction here.

> I was thinking of just /dev/nulling via a catchall.

Bad karma - dev nulling email.

Misspelt email address will result in unacknowledged lost email. Not
such a problem for "Mike", but take pity on the Fay{e}s, Graemes,
Grahames, and Saras of this world.

> I suppose I could validate email on the dmz smtp but didn;t want to go 
> down that route.

Then I'd lose the whole SMTP DMZ server, perhaps move the whole email
server to the DMZ, depends on the risk analysis, but indirectly
untrusted data makes it to the internal SMTP server, so arguably it
belongs in a DMZ of some sort.

Why not validate addresses, it really shouldn't be that hard. I think
later versions of Postfix even allow one to do some sort of recipient
lookup on the destination server and cache the results, but you probably
just need to rsync some file, or do a database lookup/sync.

Basically you are in the same position as if you were running a backup
MX server, and that is a really bad idea these days without recipient
validation.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html