Found an easier solution, for those interested. It is not directly connected to Postifx, but rather to SpamAssassin, if you use it.
To recap what I wanted to achieve: I want to reject all email from *@bad-domain.org (external domain) reaching my users. One user on one of my domains wants to receive email from *bad-domain.org and not being tagged as SPAM. This setup is a little tricky to achieve with Postfix, thus, I am making use of SpamAssassin: In SpamAssassin's local.cf define the domain you don't want email from, like: blacklist_from *@bad-domain.org In the same local.cf configuration file add: score USER_IN_BLACKLIST 200 score USER_IN_WHITELIST 200 Now, for each user that wants to receive emails from a blacklisted domain, edit the local user_prefs file for SpamAssassin and add: whitelist_from *@bad-domain.org >From now on, all messages from *@bad-domain.org will have a score of 200 in SpamAssassin and will not be delivered to local user's Inbox. All messages from *@bad-domain.org sent to a local user having whitelist_from *@bad-domain.org in his/her user_pref file will have a SpamAssassin score of 0 (not counting other rules), thus being delivered to user's inbox This implies that emails with a certain score, let's say above 12, are deleted. This setup also implies that instead of rejecting email directly, you server will receive and process the message, taking up resources in case of a very spammy external domain, but for now it will do the job for me. It might be an easy fix, but I just thought of it now. Hope someone finds this useful. Razvan Constantin -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Inteq Solution - Dep. Tehnic Sent: Friday, February 06, 2015 12:51 AM To: 'postfix users' Subject: RE: Reject domain but allow inbound for a local user Thank you very much for the information provided Noel. Razvan Constantin -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Noel Jones Sent: Thursday, February 05, 2015 6:41 PM To: postfix-users@postfix.org Subject: Re: Reject domain but allow inbound for a local user On 2/5/2015 8:00 AM, li...@rhsoft.net wrote: > > Am 05.02.2015 um 14:54 schrieb Inteq Solution - Dep. Tehnic: >> Thank you for taking your time to reply Wietse, >> >> I might have been a bit ambiguous about my problem. >> I know how to whitelist inbound u...@domain.com while rejecting the >> all other inbound from @domain.com >> >> My problem is: >> >> domainA.com is an external domain >> domainB.com is a domain hosted on my server. >> >> I REJECT all users of domainA.com from sending email to one of my >> domains, domainB.com domainA.com REJECT >> >> But, one user on domainB.com wants to receive email from any user on >> domainA.com This is the part where I am lost in reading the manual: >> allowing all email from domainA.com to domainB.com, but only for a >> certain user account on domainB.com. > > postfix don't support *any* configuration depending on sender *and* > RCPT at the same time - you can configure restrictions only for the > left or right side > > for anything else you need a ploicy-daemon or milter > > discussed recently more than once here You can use a restriction class to allow this sender/recipient combination. Some examples are in: http://www.postfix.org/RESTRICTION_CLASS_README.html The limitation with the restriction class feature is it doesn't scale well to lots of restrictions. Each combination needs its own class, so it can quickly become unmanageable. This won't be a problem with bypassing for one recipient. For more flexible multiple combinations, use a milter or policy service. -- Noel Jones
