author | Mark Longair <mhl@pobox.com> | 2013-11-05 14:31:05 +0000 |
---|---|---|
committer | Mark Longair <mhl@pobox.com> | 2013-11-07 15:46:56 +0000 |
commit | 5b1c747a0d86164cc15d13ef1dcbb90f8290ee8b | |
tree | d1df2c21cae40a365c549e092c90f6666598a35a /script/site-specific-install.sh | |
parent | 9aec34062f813dd5593815e0ca83aac5ff6766af | |

Reduce "backscatter" bounce risk by setting local_recipient_maps

Leaving the local_recipient_maps setting empty has a risk which is
described in the Postfix manual:

"[...] That is, an empty value. With this setting, the Postfix SMTP
server will not reject mail with "User unknown in local recipient
table". Don't do this on systems that receive mail directly from
the Internet. With today's worms and viruses, Postfix will become a
backscatter source: it accepts mail for non-existent recipients and
then tries to return that mail as "undeliverable" to the often
forged sender address."

This commit changes the local_recipient_maps setting to only accept
(and potentially bounce) emails where the local part is known (one
that we've mentioned in general.yml) or to a Unix user that exists.

Fixes #1166

Diffstat (limited to 'script/site-specific-install.sh')
-rwxr-xr-x | script/site-specific-install.sh | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/script/site-specific-install.sh b/script/site-specific-install.sh index 5fbab3322..e5a6f3f0b 100755 --- a/script/site-specific-install.sh +++ b/script/site-specific-install.sh @@ -57,7 +57,7 @@ ensure_line_present \ ensure_line_present \ "^ *local_recipient_maps *=" \ - "local_recipient_maps = " \ + "local_recipient_maps = proxy:unix:passwd.byname regexp:/etc/postfix/recipients" \ /etc/postfix/main.cf 644 ensure_line_present \ @@ -80,6 +80,13 @@ ensure_line_present \ "mail.* -/var/log/mail/mail.log" \ /etc/rsyslog.d/50-default.conf 644 +cat > /etc/postfix/recipients <<EOF +/^foi.*/ this-is-ignored +/^postmaster@/ this-is-ignored +/^user-support@/ this-is-ignored +/^team@/ this-is-ignored +EOF + if ! egrep '^ */var/log/mail/mail.log *{' /etc/logrotate.d/rsyslog then cat >> /etc/logrotate.d/rsyslog <<EOF @@ -103,6 +110,7 @@ fi newaliases postmap /etc/postfix/regexp +postmap /etc/postfix/recipients postfix reload # (end of the Postfix configuration) |
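
Review bot: the new `local_recipient_maps` value in the first hunk (`@@ -57,7 +57,7`) omits `$alias_maps`, which Postfix includes in its default (`proxy:unix:passwd.byname $alias_maps`). The script runs `newaliases` further down, so an address that exists only as an alias and matches none of the patterns in /etc/postfix/recipients would now be rejected as an unknown user. Suggest either adding it back (escaped as `\$alias_maps` inside the double-quoted argument) or a comment stating that aliases are excluded on purpose.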
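
Review bot: the patterns written to /etc/postfix/recipients in the second hunk (`@@ -80,6 +80,13`) are hard-coded, while the commit message says the accepted local parts are the ones mentioned in general.yml; a site that changes those values will have its own mail rejected until this file is edited by hand. Separately, `/^foi.*/` accepts any address that merely starts with "foi" (the trailing `.*` adds nothing and the prefix is not bounded), so that class of unknown recipient is still accepted and can still bounce. Suggest generating the file from the configured values, or at least a comment above the heredoc saying it must be kept in sync, and tightening the `foi` pattern to the delimiter the request addresses actually use.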
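
Review bot: `postmap /etc/postfix/recipients` in the last hunk (`@@ -103,6 +110,7`) is not needed for a `regexp:` table. Postfix reads regexp tables straight from the text file, and `postmap` without a type prefix builds an indexed file of the default database type that `regexp:/etc/postfix/recipients` never consults. Suggest dropping the line, or replacing it with a lookup check such as `postmap -q "postmaster@localhost" regexp:/etc/postfix/recipients` so that a syntax error in the table is caught at install time rather than at delivery time.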