Postfix recipient address verification: does it work without maintaining a list of relay domains on the forwarder?

I'm trying to set up a postfix server with recipient address verification, but I'm not having success. This is my relevant config (as per this):

relayhost = x.x.x.x
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unknown_recipient_domain, reject_unverified_recipient
unverified_recipient_reject_reason = Address lookup failed
address_verify_negative_cache = no
unverified_recipient_tempfail_action = defer

I set the host as MX record for the domain I'm testing.

The only thing I get is this:

May  4 10:36:29 marine postfix/smtpd[28788]: connect from xyz
May  4 10:36:29 marine postfix/smtpd[28788]: NOQUEUE: reject: RCPT from xyz: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<example.nl>
May  4 10:36:29 marine postfix/smtpd[28788]: disconnect from xyz

In the meantime, I learned that recipient address verification only verifies the user, not the domain. This means I still need to have the domain listed as relay domain. This is a problem.

I don't want to keep a list of domains on this server for which it can relay. What the target server will accept is dynamic, so I can't keep synchronizing the domain list. I had planned to do this:

  • Stop from becoming an open relay with reject_unknown_recipient_domain. Because the docs say this: "Reject the request when Postfix is not final destination for the recipient domain", I figured it would reject when the MX record is not this host, but apparently it doesn't (tested with netcat to port 25; it is an open relay).
  • If that had worked, it would then have probed the relay_host for all addresses and domains that have this host as MX record. But, it doesn't.

Apparently, recipient address verification only verifies the user, not the domain.

How can I make sure postfix actually rejects mail which has an MX record pointing elsewhere?


If you're talking about postfix probing the relay_host via smtp, that cannot be done natively and it would be a burden on postfix. If it cannot determine immediately via local file/db/ldap or dns (domain mx) that it is allowed, it'll reject it. Otherwise DOS attacks will quite quickly tie up your resources and take out your relay_host as well.

If the relay_host does have a database or ldap list of users, you can use relay_recipient_maps and virtual_mailbox_domains to query the relay_host and know what it has available. The only downside is that if it is down at any point, your postfix box will most likely error with a 4XX temporary failure instead of accepting the mail and holding it until the relay_host is available to accept it; this is the upside of a local cached copy. I use a wget from my central server to my 3 local postfix relay hosts, which periodically download the list of users and domains.

Without detailed information on what your relay host has to offer, I can't really give many configuration suggestions.
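
The periodic download described in the answer above has one risky step: installing whatever was fetched. As an added example (not code from the answer; the one-address-per-line list format, the file names and the minimum-count threshold are assumptions), this shell function validates a downloaded recipient list and only then writes the tables meant for relay_recipient_maps and relay_domains:

```shell
#!/bin/sh
# Added example. Assumed list format: one user@domain per line; blank lines
# and '#' comments allowed. File names and paths are assumptions.
#
# build_tables LIST OUTDIR [MIN]
# Returns 0 after replacing OUTDIR/relay_recipients and OUTDIR/relay_domains.
# Returns 2 (malformed line) or 3 (fewer than MIN addresses, e.g. a truncated
# download) and leaves the existing tables untouched.
build_tables() {
    list=$1; outdir=$2; min=${3:-1}
    tmp=$(mktemp -d "$outdir/.build.XXXXXX") || return 1

    # Normalise: drop CRs, comments, surrounding blanks and empty lines;
    # lowercase; de-duplicate.
    tr -d '\r' < "$list" |
        sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        tr '[:upper:]' '[:lower:]' | sort -u > "$tmp/addrs"

    # Reject the whole list if any line is not a plain user@domain address,
    # so an HTML error page can never end up in a lookup table.
    if grep -Evq '^[a-z0-9._+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$' "$tmp/addrs"; then
        rm -rf "$tmp"; return 2
    fi
    count=$(( $(wc -l < "$tmp/addrs") ))
    if [ "$count" -lt "$min" ]; then
        rm -rf "$tmp"; return 3
    fi

    sed 's/$/ OK/' "$tmp/addrs" > "$tmp/relay_recipients"
    sed 's/^.*@//' "$tmp/addrs" | sort -u | sed 's/$/ OK/' > "$tmp/relay_domains"

    # Temp dir is inside OUTDIR, so each mv is an atomic rename.
    mv "$tmp/relay_recipients" "$outdir/relay_recipients" &&
        mv "$tmp/relay_domains" "$outdir/relay_domains"
    ret=$?
    rm -rf "$tmp"
    return $ret
}

# Afterwards (assuming OUTDIR is /etc/postfix and hash maps are available):
#   postmap hash:/etc/postfix/relay_recipients hash:/etc/postfix/relay_domains
#   main.cf: relay_recipient_maps = hash:/etc/postfix/relay_recipients
#            relay_domains = hash:/etc/postfix/relay_domains

# Demo on a constructed list: sh this_script demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && printf '%s\n' '# constructed sample' 'Alice@Example.nl' \
        'bob@example.nl' 'carol@example.org' > "$d/list" &&
        build_tables "$d/list" "$d" 3 && cat "$d/relay_recipients" "$d/relay_domains"
fi
```

Run it from cron after the download and call postmap only when it returns 0; on any other return code Postfix keeps serving the previous tables.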


The permit_mx_backup configuration option in postfix may do what you want:


permit_mx_backup

Permit the request when the local mail system is backup MX for the RCPT TO domain, or when the domain is an authorized destination (see permit_auth_destination for definition).

  • Safety: permit_mx_backup does not accept addresses that have sender-specified routing information (example: user@elsewhere@domain).
  • Safety: permit_mx_backup can be vulnerable to mis-use when access is not restricted with permit_mx_backup_networks.
  • Safety: as of Postfix version 2.3, permit_mx_backup no longer accepts the address when the local mail system is primary MX for the recipient domain. Exception: permit_mx_backup accepts the address when it specifies an authorized destination (see permit_auth_destination for definition).
  • Limitation: mail may be rejected in case of a temporary DNS lookup problem with Postfix prior to version 2.0.