MTA: Postfix

Protecting daemon accounts

by ross at 08:40:45 on October 30, 2011

There are system accounts that should not receive mail, for example the daemon or operator accounts. They usually have a UID number between 1 and 999.

There is a way to protect these accounts:

Edit /usr/local/etc/postfix/main.cf:

smtpd_recipient_restrictions =
   check_recipient_access hash:/usr/local/etc/postfix/access

Reload postfix:

# postfix reload

Here is a simple one-liner to fill the file (this is a single line):

# pw usershow -a | awk -F: -vOFS= '{ if ($3 != 0 && $3 < 1000) print $1,"@\t\t\t550 This account does not accept or read mail" }'

Example output, one line per matching account (ACCOUNT is a placeholder for the account name):

ACCOUNT@                 550 This account does not accept or read mail

Add the output to the /usr/local/etc/postfix/access file, then rebuild the lookup table:

# postmap /usr/local/etc/postfix/access
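Appending the one-liner's output a second time repeats keys that are already in the access file. The sketch below is an added example, not part of the original post: it applies the same UID filter and prints only the entries whose key is still missing from the file. The function names gen_entries and new_entries and the sample passwd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
REJECT='550 This account does not accept or read mail'

# Constructed sample in master.passwd layout (name:pw:uid:gid:...), so the
# script runs on any host; on the mail server feed `pw usershow -a` instead.
SAMPLE_PASSWD='root:*:0:0::0:0:Superuser:/root:/bin/csh
daemon:*:1:1::0:0:System daemons:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System operator:/:/usr/sbin/nologin
www:*:80:80::0:0:Web server:/nonexistent:/usr/sbin/nologin
ross:*:1001:1001::0:0:Regular user:/home/ross:/bin/sh
nobody:*:65534:65534::0:0:Unprivileged:/nonexistent:/usr/sbin/nologin'

# stdin: passwd-format lines. stdout: one "name@<TAB>550 ..." entry for each
# account with 0 < UID < 1000 (the same filter as the one-liner above).
gen_entries() {
    awk -F: -v msg="$REJECT" '
        /^#/ || NF < 3 { next }
        $3 ~ /^[0-9]+$/ && $3 > 0 && $3 < 1000 { printf "%s@\t%s\n", $1, msg }'
}

# $1: existing access file. stdin: generated entries. stdout: only entries
# whose key is not yet in the file, so appending them never repeats a key.
# Comment lines, blank lines and continuation lines (leading whitespace)
# in the access file are skipped when collecting existing keys.
new_entries() {
    awk -v access="$1" '
        BEGIN {
            while ((getline line < access) > 0) {
                if (line == "" || line ~ /^[ \t#]/) continue
                split(line, f, /[ \t]+/)
                seen[f[1]] = 1
            }
        }
        !($1 in seen)'
}

# Demo on the constructed sample; set ACCESS to compare with a real file.
# On the mail host (paths from the post):
#   pw usershow -a | gen_entries | new_entries /usr/local/etc/postfix/access \
#       >> /usr/local/etc/postfix/access
#   postmap /usr/local/etc/postfix/access
printf '%s\n' "$SAMPLE_PASSWD" | gen_entries | new_entries "${ACCESS:-/dev/null}"
```

Entries added by hand, such as a different reply for one account, are left in place because only the key is compared.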

 
