On 23 Jan 2025, at 17:55, Wietse Venema via Postfix-users
<postfix-users@postfix.org> wrote:
>
> Gerben Wierda via Postfix-users:
>> I was wondering, suppose I have a user like this:
>>
>> f...@bar.com is the account name
>> foo.lastn...@bar.com is the incoming alias and the outgoing canonical
>>
>> Could I force incoming mail to accept the alias form, but not
>> accept the account form? I.e. f...@bar.com as address is blocked,
>> but foo.lastn...@bar.com is accepted and delivered to f...@bar.com
>>
>> The spammers that send to my systems use the account form (and not
>> the alias/canonical) a lot, that's why I'm asking
>>
>> I can of course create a new account form (a...@bar.com) and use
>> aliases/canonicals on that, but that might not take hold in the
>> long term and I would have to let users change their auth settings
>> (which now is user 'foo' and 'password')
>
> Could this be as simple as an smtpd_recipient_restriction
>
> /etc/postfix/main.cf
> smtpd_recipient_restriction =
> ...
> reject_unauth_destination
> check_recipient_access pcre:/etc/postfix/reject-account.pcre
> ...
>
> /etc/postfix/reject-account.pcre:
> /^[^.]+@example\.com$/ reject must use the first.last form
>
> Or the hard-core form:
>
> /etc/postfix/main.cf
> smtpd_recipient_restriction =
> ...
> reject_unauth_destination
> check_recipient_access pcre:{{/^[^.]+@example\.com$$/
> reject must use the first.last form}}
> ...
>
> If this is intended only for *some* accounts, then you need one
> to enumerate the forbidden forms.
>
> Wietse
That is a good one. That will work. Thanks.
Now, the only thing I would like to add — if possible — is to use this only for
smtp traffic coming from outside on port 25 and not from inside or port
submission, such that internal senders may use the simple usern...@domain.tld
form but outside port 25 users may not. And then I set it to drop so they can't
get the backscatter to my user via my backup SMTP service (which is part of the
actual 'problem' I'm trying to solve).
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>, Mastodon
<https://newsie.social/@gctwnl>, Bluesky
<https://bsky.app/profile/gerbenwierda.bsky.social>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/mastering-archimate-edition-3-2/>
YouTube Channel <http://www.youtube.com/@GerbenWierda>
> _______________________________________________
> Postfix-users mailing list -- postfix-users@postfix.org
> <mailto:postfix-users@postfix.org>
> To unsubscribe send an email to postfix-users-le...@postfix.org
> <mailto:postfix-users-le...@postfix.org>
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
