How to reject mail for unknown users in postfix (local_recipient_maps)

In this tutorial I will cover below topics

  • How to deliver mails only to valid users on localhost
  • How to reject mail for unknown users on localhost with Postfix
  • How to reject unknown local recipients with Postfix

As of Postfix version 2.0, the Postfix SMTP server rejects mail for unknown recipients in local domains (domains that match $mydestination or the IP addresses in $inet_interfaces or $proxy_interfaces) with "User unknown in local recipient table". This feature was optional with earlier Postfix versions.

 

Enable local_recipient_maps

The local_recipient_maps parameter defines a list of places that Postfix can look to determine whether a local username is valid. The format of the value portion of local_recipient_maps is a comma or whitespace-separated list:

local_recipient_maps = $alias_maps unix:passwd.byname

The values defined for the parameter instruct Postfix where to look on the system to validate the message recipient address. The preceding example instructs Postfix to first check the aliases lookup table and then to use the Unix system password file.

 

Reject mail for unknown users

As mentioned earlier, after postfix 2.0 by default postfix will reject mail for unknown users. We can also define this explicitly by using local_recipient_maps in the below format. Add the following in your /etc/postfix/main.cf file

local_recipient_maps = $alias_maps unix:passwd.byname

Reload the postfix service

# systemctl reload postfix

 

Verify

I do not have user deepak on my postfix server.

# id deepak
id: ‘deepak’: no such user

So we will try to send mail to deepak user via telnet to verify the configuration

# telnet -4 localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 centos8-2.example.com ESMTP Postfix
HELO mail.example.com
250 centos8-2.example.com
MAIL FROM: <root@centos8-2.example.com>
250 2.1.0 Ok
RCPT TO: <deepak@centos8-2.example.com>
550 5.1.1 <deepak@centos8-2.example.com>: Recipient address rejected: User unknown in local recipient table
^]
telnet> quit
Connection closed.

From the logs

Aug 02 02:21:20 centos8-2.example.com postfix/smtpd[9446]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <deepak@centos8-2.example.com>: Recipient address rejected: User unknown in local recipient table; from=<root@centos8-2.example.com> to=<deepak@centos8-2.example.com> proto=SMTP helo=<mail.example.com>
Aug 02 02:21:26 centos8-2.example.com postfix/smtpd[9446]: lost connection after RCPT from localhost[127.0.0.1]

 

Disable local_recipient_maps

To turn off unknown local recipient rejects by the SMTP server, specify local_recipient_maps with empty value as shown below in your /etc/postfix/main.cf:

local_recipient_maps =

Next reload the postfix service

# systemctl reload postfix

Verify the configuration

# telnet -4 localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 centos8-2.example.com ESMTP Postfix
HELO mail.example.com
250 centos8-2.example.com
MAIL FROM: <root@centos8-2.example.com>
250 2.1.0 Ok
RCPT TO: <deepak@centos8-2.example.com>
250 2.1.5 Ok
^]
telnet> quit
Connection closed.

Now the mail is not rejected even though the user deepak doesn't exist on my localhost.

 

Conclusion

In this tutorial we learned how to reject mail for unknown users with postfix. We could also disable this check but this is not recommended on systems that receive mail directly from the Internet. With today's worms and viruses, Postfix will become a backscatter source: it accepts mail for non-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address

Lastly I hope the steps from the article to configure postfix to reject mail for unknown users on Linux was helpful. So, let me know your suggestions and feedback using the comment section.

 

References

I have used below external references for this tutorial guide
http://www.postfix.org/LOCAL_RECIPIENT_README.html

Leave a Comment

Please use shortcodes <pre class=comments>your code</pre> for syntax highlighting when adding code.