On 05/31/2013 10:53 PM, Jason Price wrote:
> Background: Internal Mail Relay server. Connections from the internet are not possible. The vast majority of messages are going to Google Apps.
>
> Problem one: How to properly 'blacklist' certain To: addresses.

With a blacklist in the form of a check_recipient_access map:

http://www.postfix.org/access.5.html

> I am currently using:
>
> header_checks = pcre:/etc/postfix/header_checks

Don't do this. Headers are trivially forged, and should never be used to make routing decisions.

> /^To: et...@aaaaaa.com/                                DISCARD

Even worse; now your users won't know the mail was destroyed.

Since it's all internal, sending them a bounce or reject is perfectly fine.

With an access(5) map, their client will instantly tell them it failed, so they can correct it.

--
J.
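
The difference between the two approaches discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the quoted header rule and of a recipient access map, run over constructed submissions. The address blocked@example.com, the sample messages and the function names are assumptions, and Postfix itself is not invoked.

```python
import re

BLOCKED = "blocked@example.com"  # constructed placeholder, not the thread's address

# Simplified model of the quoted header_checks rule: /^To: <address>/ DISCARD
HEADER_RULE = re.compile(r"^To: " + re.escape(BLOCKED), re.I | re.M)
# Simplified model of an access(5) recipient map: full-address keys only.
RECIPIENT_ACCESS = {BLOCKED: "REJECT"}

def header_policy(raw_message):
    """Decide on header text only; a match silently discards the whole message."""
    headers = raw_message.split("\n\n", 1)[0]
    return "DISCARD" if HEADER_RULE.search(headers) else "DELIVER"

def envelope_policy(rcpt_to):
    """Decide per envelope recipient (RCPT TO), as check_recipient_access does."""
    return {rcpt: RECIPIENT_ACCESS.get(rcpt.lower(), "OK") for rcpt in rcpt_to}

# Constructed sample submissions: (envelope recipients, message text).
SAMPLES = {
    # Header and envelope agree: both rules fire, but only REJECT tells the sender.
    "plain": ([BLOCKED],
              "From: a@example.com\nTo: blocked@example.com\nSubject: t\n\nbody\n"),
    # Blocked address is a Bcc recipient: it never appears in a To: header.
    "bcc": (["team@example.com", BLOCKED],
            "From: a@example.com\nTo: team@example.com\nSubject: t\n\nbody\n"),
    # Blocked address is listed second in To:, so the anchored regex misses it.
    "second_in_to": (["team@example.com", BLOCKED],
                     "From: a@example.com\nTo: team@example.com, blocked@example.com\n\nbody\n"),
    # Header names the blocked address but the envelope goes elsewhere.
    "header_only": (["team@example.com"],
                    "From: a@example.com\nTo: blocked@example.com\nSubject: fwd\n\nbody\n"),
}

def compare():
    """Return {case: (header decision, per-recipient envelope decisions)}."""
    return {name: (header_policy(msg), envelope_policy(rcpts))
            for name, (rcpts, msg) in SAMPLES.items()}

if __name__ == "__main__":
    for name, (hdr, env) in compare().items():
        print(f"{name:13} header_checks={hdr:8} recipient_access={env}")
```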
