"jam" == John A Martin
"Re: [Mailman-Users] SPAM getting through on moderated lists"
Thu, 14 Aug 2003 12:34:21 -0400
jam> 2. Cause something like the following to be run as root
jam> either whenever the Mailman aliases are modified or, less
jam> well, periodically by cron. This converts the Mailman
jam> aliases file, excluding the loop detection alias, into a
jam> Postfix access table.
jam> egrep -v
jam> sed 's/^\([^:]*\):.*$/\1 550 Bogus Mail
jam> From/'> /etc/postfix/check-list-bmf
jam> postmap /etc/postfix/check-list-bmf
jam> The above bash script assumes Mailman and Postfix
jam> installed from recent Debian packages.
That is pure rubbish. I should never post untested anything that even
looks like a script or suchlike. I'm too prone to big oversights as
The above produces 'email-address-pattern action' pairs from the
aliases using only the 'name' part of the alias which does not (in
general) give an appropriate 'email-address-pattern' for the Postfix
access table. The script above could be modified to produce an
'email-address-pattern' of the form 'name at domain.tld' which would
work. However, if the Postfix/Mailman host is dedicated to the
mailing lists with a hostname like lists.example.com and
it also serves Postfix style virtual domain for mailing lists
something like lists.foo.tld then the Postfix access table could look
,----[ /etc/postfix/check-list-bmf ]
lists.example.com 550 Bogus Mail From
lists.foo.tld 550 Bogus Mail From
lists.bar.tld 550 Bogus Mail From
with a line for the Mailman host and each Postfix style virtual domain
used for Mailman lists. This access table needs maintenance (postmap)
only when virtual domains are added or removed. When employed in the
jam> 3. In /etc/postfix/main.cf
jam> smtpd_recipient_restrictions jam> ...
jam> ... check_sender_access
this will reject incoming mail using SMTP 'mail from:' our host or any
of the FQDN hostnames used for (Postfix style) mail virtual domains.
This should AFICT do no harm.
The Sendmail equivalent should also be even easier without using the