I'm in the process of migrating my personal domain to a new server, and
in the process I'm switching from sendmail to Postfix.
One feature I haven't been able to quite figure out is part of
sendmail's "virtusertable" - *most* of this is equivalent to
virtual_alias_maps, but it also allows you to do a variety of other
things such as reject arbitrary recipients with a custom SMTP response
code and message.
For instance:
kdeugau...@deepnet.cx error:5.1.1:550 This address is no longer valid
as it was sold to spammers
I've come close to an exact match by adding a check_recipient_access map
to smtpd_recipient_restrictions, but the resulting SMTP status codes
aren't quite correct - 554 vs 550.
It doesn't matter that much, but I'd like to be precise with these
responses.
Postfix 2.11 on Debian 8/Jessie. Suggestions for other minor fixups
welcome as well, although I'm pretty sure I've got everything else
working the way I want.
-kgd
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
delay_warning_time = 1h
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = tiny.deepnet.cx, localhost.deepnet.cx, deepnet.cx,
deepnet.ca, localhost
myhostname = tiny.deepnet.cx
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +_
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_milters = unix:/var/spool/MIMEDefang/mimedefang.sock
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/nosuchuser, permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/smtp_deepnet_cx.crt
smtpd_tls_key_file = /etc/ssl/private/hex.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual_alias,
regexp:/etc/postfix/regexp_virtual_alias
# cat /etc/postfix/nosuchuser
kdeugau...@deepnet.cx REJECT 5.1.1 550 This address is no longer valid
as it was sold to spammers
someuserwhol...@deepnet.cx REJECT Sorry, not accepting mail for
this account
supp...@deepnet.cx REJECT
sendmail, old server:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 hex.deepnet.cx ESMTP Sendmail 8.13.8/8.13.8; Tue, 8 Nov 2016
14:40:32 -0500
helo local
250 hex.deepnet.cx Hello hex.deepnet.cx [127.0.0.1], pleased to meet you
mail from:kdeu...@deepnet.cx
250 2.1.0 kdeu...@deepnet.cx... Sender ok
rcpt to:kdeugau...@deepnet.cx
550 5.1.1 kdeugau...@deepnet.cx... This address is no longer valid as it
was sold to spammers
quit
221 2.0.0 hex.deepnet.cx closing connection
Connection closed by foreign host.
$
postfix, new server:
$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 tiny.deepnet.cx ESMTP Postfix
helo local
250 tiny.deepnet.cx
mail from:kdeu...@deepnet.cx
250 2.1.0 Ok
rcpt to:kdeugau...@deepnet.cx
554 5.1.1 <kdeugau...@deepnet.cx>: Recipient address rejected: 550 This
address is no longer valid as it was sold to spammers
quit
221 2.0.0 Bye
Connection closed by foreign host.
$
