On 10/23/2014 2:52 PM, Sebastian Wiesinger wrote: > Hello, > > I have a few users that insist on using catch-all domains. Not > surprising they get spam to some address. Now they're asking if they > can reject mail for *some* of the addresses of the catch-all domain. > > They can create aliases themselves via postfixadmin and they want to > do this the same way. > > I tried to implement this by using a check_recipient_access pcre_table > like this: > > /etc/postfix# cat recipient_access.pcre > /^postfix-reject-address@.+$/ REJECT >
This must match the recipient address as sent by the client and logged by postfix smtpd process, NOT the rewritten address. > smtpd_recipient_restrictions = > check_recipient_access pcre:$config_directory/recipient_access.pcre, > ... It's generally unwise to put any access tables before permit_mynetworks. Extra caution is needed to make sure you don't accidentally create an open relay. http://www.postfix.org/SMTPD_ACCESS_README.html#danger > > And telling them to add an alias to > postfix-reject-address@$THEIR_DOMAIN This should not be necessary. -- Noel Jones
