We have a list of blocked users in a hash file like this:

blockedacco...@example.com REJECT

And use it like this:

smtpd_recipient_restrictions =
 ...
 check_recipient_access hash:/etc/postfix/access_to.hash

The error message generated by postfix when trying to send to this is:

554 5.7.1 <blockedacco...@example.com>: Recipient address rejected: Access denied

From http://tools.ietf.org/html/rfc1893

      X.7.1   Delivery not authorized, message refused

         The *sender* is not authorized to send to the destination.

It seems to me that using 5.7.1 as the default response for a *check_recipient_access* REJECT result isn't the best because it suggests that the *sender* is the problem in some way, not the recipient address.

Maybe better would be:

      X.2.1   Mailbox disabled, not accepting messages

         The mailbox exists, but is not accepting messages.

Though unless you've done permit_auth_destination *before* the check_recipient_access, you don't know that the "mailbox exists". It seems there's no really good status code for just saying "we don't like the recipient address"? Maybe:

      X.1.0   Other address status

         Something about the address specified in the message caused
         this DSN.

Of course we can do this manually by changing every line to:

blockedacco...@example.com REJECT 5.2.1 Access denied

But just thought I'd mention it as a possible enhancement to make the defaults better for all users.

Rob
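
Added example, not part of the message above and not Postfix's own code: a shell function that applies the manual change described in the message to a whole access table, giving every bare REJECT an explicit enhanced status code. The function names, the sample addresses and the defaults (5.2.1 and "Access denied", taken from the example line in the message) are assumptions.

```shell
#!/bin/sh
# Added example: rewrite bare REJECT actions in a Postfix access(5) table
# so each one carries an explicit enhanced status code and text.
# Usage: add_reject_dsn MAPFILE [CODE] [TEXT]   (rewritten table on stdout)
add_reject_dsn() {
    awk -v code="${2:-5.2.1}" -v text="${3:-Access denied}" '
    # Emit the held entry, rewritten or as found, then any held comments.
    function emit(rewrite) {
        if (!pending) return
        if (rewrite) print key, act, code, text
        else print line
        printf "%s", held
        pending = 0; held = ""
    }
    # Comment and blank lines are ignored by Postfix; keep them in order.
    /^[ \t]*(#|$)/ {
        if (pending) held = held $0 "\n"; else print
        next
    }
    # Leading whitespace continues the previous logical line, so a held
    # REJECT already has its own text on this line: leave it untouched.
    /^[ \t]/ { emit(0); print; next }
    {
        emit(1)
        # Exactly "key REJECT" (any letter case): hold it until the next
        # line shows whether a continuation follows.
        if (NF == 2 && toupper($2) == "REJECT") {
            pending = 1; line = $0; key = $1; act = $2
            next
        }
        print
    }
    END { emit(1) }
    ' "$1"
}

# Dry run on a constructed sample table (addresses are made up).
add_reject_dsn_demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' \
        'a@example.com REJECT' \
        'b@example.com reject' '# note' ' 5.1.0 Custom text' \
        'c@example.com REJECT 5.7.1 Keep me' \
        'd@example.com OK' \
        'e@example.com REJECT' > "$tmp"
    add_reject_dsn "$tmp" "$@"
    rm -f "$tmp"
}
```

Write the output to a new file, compare it with the original, and rebuild the lookup table with postmap hash:/etc/postfix/access_to.hash once it has replaced the old source file.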
