Hello All

Thank you for all your replies. I will put my solution below (just in
case someone else stumbles over it).

On 03/04/2014 04:32 PM, Noel Jones wrote:
> However, you can do this with either a smtpd restriction class or
> with a policy server such as postfwd.
> http://www.postfix.org/RESTRICTION_CLASS_README.html
> http://www.postfix.org/SMTPD_POLICY_README.html
> http://postfwd.org/
Thank you for the hint Noel. I don't use postfwd right now so I did my
solution with the restriction class. It works as follows:

* In the first rule of my "smtpd_recipient_restrictions" I do check for
the recipient <secret...@ee.ethz.ch> and if it matches I trigger the
"after_account_redirects" restriction class.
* In this restriction class I do twice a check against the sender and
finally (if my specified sender has not sent this message) reject the
mail with a "reject_unlisted_recipient".
* The first sender check makes sure that the email will be redirected to
the new address.
* The second sender check makes sure we accept this email. Without this
permit the mail gets redirected AND the sender receives a bounce that
the email could not be sent to the user "secretary" (which in fact does
not exist anymore).

/etc/postfix/main.cf
   # If set to yes we always reject the mails because the user does not
   # exist. But now you have to make sure you have defined the
   # reject_unlisted_recipient access restriction somewhere.
   smtpd_reject_unlisted_recipient = no

   smtpd_restriction_classes =
      [...]
      after_account_redirects

   after_account_redirects =
      # Depending on the sender define the redirection address
      check_sender_access hash:/etc/postfix/aaredirect_redirects
      # Then check again for the sender and permit the redirection
      check_sender_access hash:/etc/postfix/aaredirect_permits
      # Sender was not found? Reject and tell the user does not exist.
      reject_unlisted_recipient

   smtpd_recipient_restrictions =
      # Here we define recipients which should trigger the restriction
      # class. This could be a hash table but we use it also for some
      # other tests so it is a pcre.
      check_recipient_access pcre:/etc/postfix/recipient_redirects
      [...]
      reject_unlisted_recipient

/etc/postfix/recipient_redirects
   /secret...@ee.ethz.ch/      after_account_redirects

/etc/postfix/aaredirect_redirects
   sa...@software.tld          REDIRECT otheracco...@ee.ethz.ch

/etc/postfix/aaredirect_permits
   sa...@software.tld          permit

It works as intended, but I don't like the two lookups I have to do for
the same address. Maybe someone sees how I could do that better?

Best regards
Matthias

-- 
Matthias Egger
ETH Zurich
Department of Information Technology          maeg...@ee.ethz.ch
and Electrical Engineering
IT Support Group (ISG.EE), ETL/F/24.1         Phone +41 (0)44 632 03 90
Physikstrasse 3, CH-8092 Zurich               Fax   +41 (0)44 632 11 95
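
A simplified model of the evaluation order described in the post, as an added example that is not part of the original message and not Postfix code. All addresses and function names are constructed placeholders, and the model assumes that REDIRECT records the new recipient without ending evaluation, while permit and reject end it.

```python
# Simplified model of the restriction class from the post (assumption-labelled
# sketch, not Postfix code). All addresses are constructed placeholders.
import re

OLD_RCPT = "oldbox@example.org"              # constructed: the retired mailbox
NEW_RCPT = "newbox@example.org"              # constructed: the redirect target
ALLOWED_SENDER = "vendor@software.example"   # constructed: the one listed sender

# Tables named after the files in the post. The pattern is anchored here so
# that only this exact recipient triggers the class.
RECIPIENT_REDIRECTS = [(re.compile(r"^oldbox@example\.org$", re.I),
                        "after_account_redirects")]
AAREDIRECT_REDIRECTS = {ALLOWED_SENDER: "REDIRECT " + NEW_RCPT}
AAREDIRECT_PERMITS = {ALLOWED_SENDER: "permit"}


def run_class(sender, steps):
    """Walk the class in order. REDIRECT is recorded and evaluation goes on
    (modelling assumption); permit or reject ends the walk."""
    redirect = None
    for kind, table in steps:
        if kind == "reject_unlisted_recipient":
            return "reject", redirect        # the old mailbox no longer exists
        action = table.get(sender.lower())
        if action is None:
            continue                         # no match: try the next restriction
        if action.startswith("REDIRECT "):
            redirect = action.split(None, 1)[1]
        elif action == "permit":
            return "permit", redirect
    return "dunno", redirect


def check_rcpt(sender, rcpt, with_permit_table=True):
    """Return (decision, redirect_target) for one RCPT TO."""
    steps = [("check_sender_access", AAREDIRECT_REDIRECTS)]
    if with_permit_table:
        steps.append(("check_sender_access", AAREDIRECT_PERMITS))
    steps.append(("reject_unlisted_recipient", None))
    for pattern, cls in RECIPIENT_REDIRECTS:
        if pattern.search(rcpt) and cls == "after_account_redirects":
            return run_class(sender, steps)
    return "dunno", None                     # remaining restrictions would follow


if __name__ == "__main__":
    for s in (ALLOWED_SENDER, "someone@else.example"):
        print(s, check_rcpt(s, OLD_RCPT))
    print("no permit table:", check_rcpt(ALLOWED_SENDER, OLD_RCPT, False))
```

The third call shows why the second lookup exists in this model: with the permit table left out, the listed sender's redirect is recorded but evaluation still reaches reject_unlisted_recipient.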
