On 2014-06-17 23:18, Noel Jones wrote:
On 6/17/2014 3:48 PM, uffe wrote:
Hi,
I'm trying to configure postfix to perform smtpd access checks -
specifically recipient check/restrictions - but without having it consult
its virtual_alias_maps.
I'm heavily depending on catchall constructions in virtual_aliases for
further "virtual routing"
The catchall constructs in my virtual_alias_maps seem to break all recipient
checks/restriction for me.
Yes, this is a known limitation of catchalls, and a very good reason
to avoid them.
damn it would be nice with another (new) set of virtual_route_aliases
that would not be considered before the email was accepted by smtpd.
Can anyone come up with a way (configurtion) for smtpd to check for valid
recipients in a map - and keep it away from looking into virtual_alias_maps
while performing recipient validation ?
You can use a check_recipient_access map and then reject any local
recipient not listed in the map. But if you already have a map,
seems like you could eliminate the troublesome catchall without
resorting to oddball hacks.
Something like:
main.cf:
## do this in sender checks to not become an open relay
smtpd_sender_restrictions =
check_recipient_access hash:/etc/postfix/valid_recipients
check_recipient_access regexp:/etc/postfix/reject_all_local.regexp
# valid_recipients
## list all valid recipients here
us...@example.com OK
us...@example.com OK
...
# reject_all_local.regexp
## valid recipients already permitted, so only invalid are left.
/@example\.com$/ REJECT unknown recipient
If there aren't too many valid recipients, you can do the whole
thing in a single regexp file with the last entry as the default
REJECT, but the syntax and scaling is easier with indexed tables.
Ok will need to do some testing - unfortunately my setup is not straight
forward simple - lots of domains etc.
Thanks
/Uffe
