[SOLVED] Change the main.cf options

[Samp]

Hi,

I'm afraid because by default my Postfix main.cf set the smtpd_reject_unlisted_recipient to NO !!!

I changed with postconf -e smtpd_reject_unlisted_recipient=yes on zimbra user but if I restart Postfix this directive back to NO.

How to fix this this directive to YES definitely ?

Thanks for your help.

Sam.

[uxbod]

Make sure that /opt/zimbra/conf/postfix_recipient_restrictions.cf has the following within it

Code:

reject_unlisted_recipient

[Samp]

Quote:

Originally Posted by uxbod

Make sure that /opt/zimbra/conf/postfix_recipient_restrictions.cf has the following within it

Code:

reject_unlisted_recipient

Look my postfix_recipient_restrictions.cf:

Code:

reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%
permit

But on each postfix restart I have to make postconf -e smtpd_reject_unlisted_recipient=yes to set this feature otherwise Zimbra accept mails to unknown receipient !?

Sam.

[cejodrake]

I also have problems when wanting to change a directive from the postfix main.cf but does change when you restart postfix is again equal
Any idea how to do
greetings

[bobby]

You're looking at two different items; reject_unlisted_recipient should be listed in the smtpd_recipient_restrictions, so it's not necessary to also set smtpd_reject_unlisted_recipient.

$ postconf smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit

$ postconf smtpd_reject_unlisted_recipient
smtpd_reject_unlisted_recipient = no

If you really want to set it, edit the line for this in /opt/zimbra/conf/zmmta.cf:

POSTCONF smtpd_reject_unlisted_recipient yes

[Samp]

Quote:

Originally Posted by bobby

If you really want to set it, edit the line for this in /opt/zimbra/conf/zmmta.cf:

POSTCONF smtpd_reject_unlisted_recipient yes

Bingo, I changed zmmta.cf to set smtpd_reject_unlisted_recipient = yes (line 109) after restart Postfix this directive stay to "Yes"

Thanks a lot.

For the history we have more than 20 000 mails with unknown user a day and perhaps to send spams, our server was blacklisted, it's the first time I have this problem after 10 years of mail server installation and managment.

Sam.

[Samp]

Just for information:

I had more than 20 000 rejected mails a day for unknown user who generates spam by MALER-DAEMON, and our IP was blacklisted on several RBL.

I had to install Postfix-policyd on our mail relay in front of Zimbra to fix this problem, perhaps it will be useful to integrate Postfix-policyd on Zimbra.

Sam.

[uxbod]

Are you saying you are greylisting now ? I have to admit I run MailScanner in-front of my Zimbra installations, which is personally choice, but a lot can be done to kick back those naughty spammers. Are you suffering from backscatter ? or spammers impersonating your domain ?

[Samp]

Quote:

Originally Posted by uxbod

Are you saying you are greylisting now ? I have to admit I run MailScanner in-front of my Zimbra installations, which is personally choice, but a lot can be done to kick back those naughty spammers. Are you suffering from backscatter ? or spammers impersonating your domain ?

From backscatter and our IP is registered on ips.backscatter.org and they ask us to wait 4 weeks to be automatically removed from list or... send 50.00Euros for immediate removing (so nice !)

We use MailScanner too on the mail relay but not as AS/AV we got the best result with Postfix-Policyd, more than 30 000 wrong mails are discarded a day.

I put some RBL in Zimbra MTA Agent (SORBS-DUL, spamcop.net, spamhaus.org) but I'm not sure if this work behind a mail relay, all mails come from only one IP...

Thanks for your help.

Sam.