Server setup: forwarding only local email

Often, when setting up email on a server, you want to receive email from local processes (cron jobs, etc.) but don’t want email accounts to be abused by spammers. For example, on Ubuntu systems you might have a cron job that runs as www-data that you want to get mail from, but you don’t want spammers sending email to I just had a client ask me to fix this problem for them, so I thought I’d share the solution I came up with.

Typically, the /etc/aliases file directs mail from all these extra accounts (like www-data, nobody, etc.) to root and you’re expected to set up a forwarder for root (e.g. Instead of directing mail for all these accounts to root, I created a locked-out account. The only purpose of this account is to verify that only locally generated email is sent on to the end recipient. No more Viagra spam for!

To set up the locked-out account:

$ sudo /usr/sbin/useradd localmail
$ sudo /usr/sbin/usermod -L -s /dev/null localmail
$ echo '"|exec /usr/bin/procmail"' | sudo -u localmail tee ~localmail/.forward
$ cat <<EOF | sudo -u localmail tee ~localmail/.procmailrc
# replace with whatever domain locally generated email has
:0:
* !^Return-Path: .*
/dev/null

:0:
!root
EOF

This works with postfix, but I haven’t tried other MTAs.
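
The Return-Path test in the recipe above can be dry-run against sample messages before it goes live. The script below is an added example, not part of the original post: the domain example.com, the exact pattern and the function names are assumptions, and the sample messages are constructed.

```shell
#!/bin/sh
# Added example: dry-run of the recipe's Return-Path test, without procmail.
# LOCAL_DOMAIN is a placeholder (assumption); the post's real domain is not shown.
LOCAL_DOMAIN='example.com'

# Print only the header block (everything before the first blank line),
# because procmail conditions match headers only unless told otherwise.
headers_of() {
    sed -n -e '/^$/q' -e 'p'
}

# Read one message on stdin; print "forward" if Return-Path is at the local
# domain, otherwise "drop" (also when the header is missing).
classify_message() {
    # Escape dots so "example.com" cannot match "exampleXcom".
    pat=$(printf '%s' "$LOCAL_DOMAIN" | sed 's/\./\\./g')
    # -i: procmail regexes are case-insensitive by default.
    # The domain must be the last thing on the line (optional ">" and spaces).
    if headers_of | grep -Eiq "^Return-Path:.*@${pat}>?[[:space:]]*\$"; then
        echo forward
    else
        echo drop
    fi
}

# Constructed sample messages (not real mail).
local_msg() {
    printf 'Return-Path: <www-data@example.com>\nTo: www-data\nSubject: Cron\n\njob output\n'
}
remote_msg() {
    # The matching line sits in the body, so it must not count.
    printf 'Return-Path: <promo@mailer.invalid>\nTo: www-data@example.com\n\nReturn-Path: <x@example.com>\n'
}
lookalike_msg() {
    # Local domain appears only as a prefix of a longer domain.
    printf 'Return-Path: <a@example.com.mailer.invalid>\nTo: www-data\n\nbody\n'
}
```

Pipe a saved message into `classify_message` to see which branch of the recipe it would take.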
