On Sat, Jun 1, 2013 at 9:50 AM, Jeroen Geilman <jer...@adaptr.nl> wrote:
>
> On 05/31/2013 10:53 PM, Jason Price wrote:
>>
>> Background:  Internal Mail Relay server.  Connections from the internet are 
>> not possible.  The vast majority of messages are going to Google Apps.
>>
>> Problem one: How to properly 'blacklist' certain To: addresses.
>>
>>
>> With a blacklist in the form of a check_recipient_access map:
>
> http://www.postfix.org/access.5.html
>
>
>>  I am currently using:
>>
>> header_checks = pcre:/etc/postfix/header_checks
>
>
> Don't do this. Headers are trivially forged, and should never be used to make 
> routing decisions.
>
>>     /^To: et...@aaaaaa.com/                                DISCARD
>
> Even worse; now your users won't know the mail was destroyed.
>
> Since it's all internal, sending them a bounce or reject is perfectly fine.
>
> With an access(5) map, their client will instantly tell them it failed, so 
> they can correct it.
>
> --
> J.


I ended up using transport maps, rather than access maps, after
reading the following in access.5:

Note: this action currently affects all recipients of the message.
To discard only one recipient without discarding the entire message,
use the transport(5) table to direct mail to the discard(8) service.

so, in main.cf:

transport_maps = hash:/etc/postfix/transport

and transport looks like:

et...@aaaaaa.com                discard:silently
jobcontroller_na...@aaaaaa.com  discard:silently
swall...@aaaaaa.com             discard:silently

I see your point about rejecting messages with bum recipients, but
unfortunately there are other fish to fry.

Thank you for your help.

(and please excuse the 45 minutes of chasing my tail, because I never
re-ran 'postmap transport' after modifying the file... :doh:)

--Jason
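
The message above ends with a transport map that was edited but never recompiled with postmap. As an added example (not part of the original thread), this shell function flags indexed maps whose compiled file is missing or older than the source. It assumes Berkeley DB map types (hash, btree), which postmap compiles to `<path>.db`; the function name `stale_maps` is made up for this example.

```shell
#!/bin/sh
# Added example: report Postfix lookup tables whose compiled .db file is
# missing or older than the text source (postmap was not re-run).

# stale_maps SPEC...
#   SPEC is a "type:path" value as written in main.cf, for example
#   hash:/etc/postfix/transport. Only hash and btree are checked here
#   (assumption: Berkeley DB, compiled to "<path>.db"). Types such as
#   pcre or regexp are read directly by Postfix and are skipped.
# Prints one line per problem; returns 1 if any problem was found.
stale_maps() {
    rc=0
    for spec in "$@"; do
        spec=${spec%,}      # main.cf lists may be comma separated
        type=${spec%%:*}
        path=${spec#*:}
        case "$type" in
            hash|btree) ;;
            *) continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING-SOURCE $spec"; rc=1
        elif [ ! -f "$path.db" ]; then
            echo "NOT-COMPILED $spec (run: postmap $spec)"; rc=1
        elif [ "$path" -nt "$path.db" ]; then
            echo "STALE $spec (run: postmap $spec)"; rc=1
        fi
    done
    return $rc
}

# Typical use on a live system (postconf ships with Postfix):
#   stale_maps $(postconf -h transport_maps)
```

Until the map is recompiled, Postfix keeps using the old compiled table, so new discard entries have no effect and the listed recipients still receive mail.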
