On 2025-01-23 at 10:01:13 UTC-0500 (Thu, 23 Jan 2025 16:01:13 +0100) Gerben Wierda via Postfix-users <[email protected]> is rumored to have said:
> I was wondering, suppose I have a user like this: > > [email protected] is the account name > [email protected] is the incoming alias and the outgoing canonical > > Could I force incoming mail to accept the alias form, but not accept the > account form? I.e. [email protected] as address is blocked, but > [email protected] is accepted and delivered to [email protected] I landed on that by accident many years ago... Since you are using system accounts, it is quite straightforward. With system accounts, by default the canonical fully-qualified address is [email protected] BUT the FQDN domain part is just the default for bare usernames. Set the server's hostname (and by default postfix's myhostname) to a FQDN (ideally one which is not resolvable in public DNS but is resolvable locally, either as a hosts file entry or in an internal DNS view.) By default that is also mydestination. Make the base domain that you want to have mailable addresses a virtual alias domain. In your virtual alias map, you can then map all of the names in the mailable domain (i.e. example.com) that you want to be deliverable to the bare usernames. If you use a regexp or pcre map, you can also give your users ad hoc single-use email addresses using any pattern you want, not just '+' tagging. If you do not map the simplest address ([email protected]) and if there's no way for clients to resolve the internal hostname, the hypothetically canonical address "[email protected]" isn't useful to spammers. Even if you leave the FQDN resolvable to the world, spammers are not going to guess hostnames and add them to addresses. I also use a bigger ad hoc alias mechanism with user-specific "hostnames" that exist only to route mail, but that is not really justified for most users. > The spammers that send to my systems use the account form (and not the > alias/canonical) a lot, that's why I'm asking I feel your pain. For a long time I used a simple address in public places like Usenet. It's on a lot of spammer lists. It's still mailable in principle, but it has such severe spam filtering that even if I still gave it out, many people would find it undeliverable. It hasn't been "real" since ~2001. > I can of course create a new account form ([email protected]) and use > aliases/canonicals on that, but that might not take hold in the long term and > I would have to let users change their auth settings (which now is user 'foo' > and 'password') That's helpful because they won't need to change the domain part of their account name, which they would if they were using [email protected]. -- Bill Cole [email protected] or [email protected] (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
