I moved from an old sendmail-based mail server to a new Postfix one recently. On the old system, when a user account was closed, I would put an entry in an access map for sendmail like

To:olduser@    ERROR:"505 Disabled user account"

and this would work fine to prevent any email delivery for that user
with an immediate rejection (not a bounce).

With Postfix I found I had to change the format of this to

olduser@    505 Disabled user account

but my initial tests seemed to work okay so I thought all was well. But after running in production for a few days I found three problems I did not have with sendmail:

1) sending email to an external user with the same name like
   oldu...@gmail.com fails with the Disabled user account error

2) if olduser is in an alias and email is sent to that alias, email is
   still delivered to the olduser inbox

3) if another user happens to have a ~/.forward file forwarding to that
   olduser email then email to that user is still delivered to the olduser
   inbox

As a quick fix for (1), I have changed the access map to use olduser@primary.domain instead of just olduser@, but that only works for that primary.domain. We have several secondary domains, and I would have to list each one in the access map for each user, which is less than ideal.
I have no fix for (2) or (3).

In Postfix, what is the normal, proper way to get any email sent to olduser@(any domain in mydestination) rejected, including if it is in an alias or in a user's ~/.forward?

Relevant configurations are:

local_recipient_maps = proxy:unix:passwd.byname, $alias_maps

unknown_local_recipient_reject_code = 550

smtpd_recipient_restrictions =
   hash:/etc/postfix/access,
   hash:/etc/postfix/access_disabled,
   reject_non_fqdn_recipient,
   reject_non_fqdn_sender,
   permit_mynetworks,
   check_client_access hash:/etc/postfix/relay-domains,
   permit_sasl_authenticated,
   reject_unlisted_recipient,
   reject_unauth_destination

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access_sender

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access_client

---------------------------------------------------------------
Paul Raines                     http://help.nmr.mgh.harvard.edu
MGH/MIT/HMS Athinoula A. Martinos Center for Biomedical Imaging
149 (2301) 13th Street     Charlestown, MA 02129            USA
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
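
The lookups behind problems (1) and (2) in the post above, as an added example that is not part of the original message and is not Postfix code: a simplified Python model of the key order documented in access(5) for an email address (address extensions are ignored). The alias name staff and the domain secondary.example are constructed for the illustration.

```python
# Added illustration: simplified model of the access(5) lookup order for
# an email address. Not Postfix source; address extensions are ignored.

def lookup_keys(addr, parent_matches_subdomains=True):
    """Return the table keys tried for addr, in documented order."""
    user, _, domain = addr.lower().rpartition("@")
    keys = [f"{user}@{domain}"]              # 1. user@domain
    labels = domain.split(".")
    for i in range(len(labels)):             # 2. domain, then parent domains
        name = ".".join(labels[i:])
        # Parents are tried bare or with a leading dot, depending on
        # whether smtpd_access_maps is in parent_domain_matches_subdomains.
        if i > 0 and not parent_matches_subdomains:
            name = "." + name
        keys.append(name)
    keys.append(f"{user}@")                  # 3. user@ (any domain at all)
    return keys


def check_recipient(rcpt, table):
    """Return (matching key, action) for an envelope recipient, or None."""
    for key in lookup_keys(rcpt):
        if key in table:
            return key, table[key]
    return None


REJECT = "505 Disabled user account"
BROAD = {"olduser@": REJECT}                  # entry from the post
SCOPED = {"olduser@primary.domain": REJECT}   # the quick fix from the post

if __name__ == "__main__":
    # Constructed recipients: gmail.com is external, secondary.example stands
    # in for a secondary domain, staff is a hypothetical alias with olduser.
    for rcpt in ("olduser@gmail.com", "olduser@primary.domain",
                 "olduser@secondary.example", "staff@primary.domain"):
        print(f"{rcpt:28} broad={check_recipient(rcpt, BROAD)} "
              f"scoped={check_recipient(rcpt, SCOPED)}")
```

The staff@primary.domain row matches nothing because the check sees only the address given at RCPT TO; alias and ~/.forward expansion happen later, at local delivery, after the message has already been accepted.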