I distrust access(5), but that's just a detail of db format; I think what you mean is the several access list checks available in the smtpd_*_restrictions. As I replied to Philip, I think this depends on what point in the delivery process postfix replicates the message for additional recipients. From what you say I gather this occurs early, either in the helo stage, or immediately following. The problem is, I want to start blacklisting at the client stage, which makes the whitelisting a little dicey.
On Thu, Apr 20, 2017 at 10:47 AM, Viktor Dukhovni < postfix-us...@dukhovni.org> wrote: > On Thu, Apr 20, 2017 at 01:43:11AM -0700, J. Johnson wrote: > > > A while back I was wondering why certain spammers kept hitting our > > 'postmaster' account, then i realized there were multiple recipients. It > > seems like the other recipients ride in on the back of 'postmaster', then > > are free to go there individual ways. Does anyone know if that is true? > > No, each recipient address undergoes the full set of access(5) > checks independently of other recipients. > > The main caveat is that smtpd_data_restrictions and > smtpd_end_of_data_restrictions cannot perform any recipient-dependent > actions on messages that have more than one recipient. Do not use > recipient-dependent checks in those ccontexts. > > Some access(5) actions, such as "DISCARD", "FILTER ...", "REDIRECT" > affect the whole message. But these are not likely to lead to > mutli-recipient message addressees receiving spam that they would > not have receiving in an identical single-recipient message addressed > to them alone. > > > And if so, how can the additional recipients be suppressed? > > The premise is false, so the question is moot. > > -- > Viktor. >
