On 12/16/2009 10:18 AM, Wietse Venema wrote:
sfqsf qsfsfq:
Hello,
I would like to configure Postfix to reject mail whose destination
match a few addresses IF the mail was not sent from our internal
network.
Basically i would like to do a header_checks on 2 lines (Received: and
To:) but the documentation says that it's not possible.
Instead of headers, use the envelope recipient address and the
client IP address.
You can't RELIABLY determine the recipient from the message header.
What is the easiest way to do it ? (Using a spam filter is not possible)
Use a policy daemon to examine the envelope recipient and the client
IP address. The perl-based demo script that is included with Postfix
source code should be sufficient.
Wietse
If the question is "how can I reject mail to certain
recipients if the client is not listed in mynetworks?" then
it's really easy. Just use a check_recipient_access table
after permit_mynetworks. A simple example:
# main.cf
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_recipient_access hash:/etc/postfix/bad_recipients
# bad_recipients
l...@example.com REJECT only internal senders
b...@example.com REJECT only internal senders
If you need a more complicated test, then use a policy server
or something like milter-regex
-- Noel Jones
