On 6/17/2014 3:48 PM, uffe wrote: > Hi, > > I'm trying to configure postfix to perform smtpd access checks - > specifically recipient check/restrictions - but without having it consult > its virtual_alias_maps. > > I'm heavily depending on catchall constructions in virtual_aliases for > further "virtual routing" > The catchall constructs in my virtual_alias_maps seem to break all recipient > checks/restriction for me.
Yes, this is a known limitation of catchalls, and a very good reason to avoid them. > > Can anyone come up with a way (configurtion) for smtpd to check for valid > recipients in a map - and keep it away from looking into virtual_alias_maps > while performing recipient validation ? You can use a check_recipient_access map and then reject any local recipient not listed in the map. But if you already have a map, seems like you could eliminate the troublesome catchall without resorting to oddball hacks. Something like: main.cf: ## do this in sender checks to not become an open relay smtpd_sender_restrictions = check_recipient_access hash:/etc/postfix/valid_recipients check_recipient_access regexp:/etc/postfix/reject_all_local.regexp # valid_recipients ## list all valid recipients here us...@example.com OK us...@example.com OK ... # reject_all_local.regexp ## valid recipients already permitted, so only invalid are left. /@example\.com$/ REJECT unknown recipient If there aren't too many valid recipients, you can do the whole thing in a single regexp file with the last entry as the default REJECT, but the syntax and scaling is easier with indexed tables. > > BTW I really miss a doc/drawing - explaining the order of smtpd access > checks in respect to virtual_alias_maps lookups - any pointers ? http://www.postfix.org/OVERVIEW.html -- Noel Jones
