Per-Erik Persson put forth on 2/14/2011 4:17 PM:
> I have recently found out the beauty of restriction classes.
> So to reject senders from certain sites that usually misspell their sender
> address I have set up the following:
> 
> 
> smtpd_restriction_classes = verify_client_sender
> verify_client_sender = reject_unverified_sender, permit
> 
> smtpd_client_restrictions =
>         check_client_access hash:/etc/postfix/client-access,
>         check_client_access pcre:/etc/postfix/client-pcre-access,
>         permit_mynetworks,
>         permit_sasl_authenticated,
>         permit
> 
> client-access looks like this:
> hostname_of_misspelled sender_1      verify_client_sender
> hostname_of_misspelled sender_2      verify_client_sender
> bla bla bla other hosts i dislike
> 
> 
> It works!
> But the sender (roundcube webmail) gets the error message "450 could not add
> recipient".
> It is not the recipient address that postfix blocks the email on, it is the
> sender address.
> Can I give a better error message to the users who insist on changing
> their sender addresses, explaining why the email is rejected?

http://www.postfix.org/postconf.5.html#reject_unverified_sender

Just a friendly sanity check:  Are you sure that doing forward SAV is what you
really want to be doing to solve this problem?  AIUI there are basically two
downsides to forward SAV:

1.  Some MX hosts will "lie" in response to the probe, then reject actual mail
delivery attempts later, depending on the SMTP phase in which they do the
actual mailbox address verification.  Honestly, I'm not fully versed on how
Wietse does the probes in Postfix, so this may or may not be an issue with the
Postfix SAV probe implementation.  Historically it has been an issue in the
larger world of SMTP.

2.  Some sites frown on forward SAV probes, period, especially high volume
receivers.  The reason here should be obvious.

-- 
Stan
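
On the quoted question about the reply text, an added configuration example that is not part of either post: the `reject_unverified_sender` documentation linked above describes parameters that control the SMTP reply, shown here with the restriction class from the quoted message. The reason text is constructed for illustration, and `unverified_sender_reject_reason` assumes Postfix 2.6 or later.

```cfg
# /etc/postfix/main.cf (added example; the reason wording is constructed)

# Restriction class from the quoted message, unchanged.
smtpd_restriction_classes = verify_client_sender
verify_client_sender = reject_unverified_sender, permit

# With smtpd_delay_reject = yes (the default), client and sender
# restrictions are evaluated at RCPT TO, so the rejection is returned
# in response to the recipient command even though the sender address
# is what failed verification.
smtpd_delay_reject = yes

# Fixed text returned in place of the probe's own failure message.
unverified_sender_reject_reason = Sender address rejected: the From address could not be verified, please check it for typing errors

# Reply code used when the sender address is known to be undeliverable.
# 450 is the default (temporary failure); it is left at the default here.
unverified_sender_reject_code = 450
```

The text is sent in the SMTP reply; whether a webmail client displays it to the user instead of its own generic message depends on that client.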

