2009/12/16 Noel Jones <njo...@megan.vbhcs.org>: > On 12/16/2009 10:18 AM, Wietse Venema wrote: >> >> sfqsf qsfsfq: >>> >>> Hello, >>> >>> I would like to configure Postfix to reject mail whose destination >>> match a few addresses IF the mail was not sent from our internal >>> network. >>> >>> Basically i would like to do a header_checks on 2 lines (Received: and >>> To:) but the documentation says that it's not possible. >> >> Instead of headers, use the envelope recipient address and the >> client IP address. >> >> You can't RELIABLY determine the recipient from the message header. >> >>> What is the easiest way to do it ? (Using a spam filter is not possible) >> >> Use a policy daemon to examine the envelope recipient and the client >> IP address. The perl-based demo script that is included with Postfix >> source code should be sufficient. >> >> Wietse > > If the question is "how can I reject mail to certain recipients if the > client is not listed in mynetworks?" then it's really easy. Just use a > check_recipient_access table after permit_mynetworks. A simple example: > # main.cf > smtpd_recipient_restrictions = > permit_mynetworks > reject_unauth_destination > check_recipient_access hash:/etc/postfix/bad_recipients > > # bad_recipients > l...@example.com REJECT only internal senders > b...@example.com REJECT only internal senders > > > If you need a more complicated test, then use a policy server or something > like milter-regex > > > -- Noel Jones >
Thank you, the "bad_recipients" hash table did the trick ! I forgot the "smtpd_recipient_restrictions" could do that (i did the current configuration years ago) and I feel silly now ... Thanks again !
