* Noel Jones <njo...@megan.vbhcs.org> [2014-10-24 00:36]:
> > I tried to implement this by using a check_recipient_access pcre_table
> > like this:
> > 
> > /etc/postfix# cat recipient_access.pcre
> > /^postfix-reject-address@.+$/   REJECT
> > 
> 
> This must match the recipient address as sent by the client and
> logged by postfix smtpd process, NOT the rewritten address.

Yes,

I figured this out and found a way to do what I wanted. I now have the
following:

smtpd_recipient_restrictions =
    check_recipient_access proxy:mysql:$config_directory/sql/mysql_check_recipient_access.cf,
    ...

(Also I had to extend proxy_read_maps for this).

The .cf contains the following query:

query = SELECT 'REJECT' FROM alias WHERE address='%s' AND goto='reject@postfix.access' AND active = '1'

So all the users have to do is add an alias from their address to
reject@postfix.access to reject a specific alias.

> > smtpd_recipient_restrictions =
> >     check_recipient_access pcre:$config_directory/recipient_access.pcre,
> >     ...
> 
> It's generally unwise to put any access tables before
> permit_mynetworks. Extra caution is needed to make sure you don't
> accidentally create an open relay.

In this specific case I think it is okay because I want no one to be
able to mail to these addresses. It should be as if the alias does not
exist.

As for the open relay, I moved all that stuff to
smtpd_relay_restrictions.

> > And telling them to add an alias to
> > postfix-reject-address@$THEIR_DOMAIN
> 
> This should not be necessary.

It's the way postfixadmin works. Without coding up an extension that
lets users block specific aliases, this is the fastest way to do it.

Regards

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant
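
The setup described in the message above, assembled as an added example (not part of the original post): the relay decision stays in smtpd_relay_restrictions, and the recipient map can only answer REJECT or nothing, so listing it first cannot permit relaying. The database host, account name, password, database name, the sample address in the comment and the relay restriction list are assumptions; the query and map path are the ones from the message.

```ini
# --- /etc/postfix/main.cf (fragment) ---
# Relay control is decided here, independently of the recipient list below.
# (Assumed list; use whatever relay policy the server already has.)
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# The lookup key is the recipient address as sent by the client,
# not the address after alias rewriting.
# A proxy: map must also be listed in proxy_read_maps.
smtpd_recipient_restrictions =
    check_recipient_access proxy:mysql:$config_directory/sql/mysql_check_recipient_access.cf
    # ... the existing recipient restrictions continue here

# --- /etc/postfix/sql/mysql_check_recipient_access.cf ---
# Placeholder connection settings (assumed). The file holds a password,
# so keep it unreadable for ordinary users.
hosts = 127.0.0.1
user = POSTFIX_DB_USER
password = CHANGE_ME
dbname = POSTFIXADMIN_DB

# Returns the access action REJECT only when an active alias for the
# recipient points at the marker address; otherwise no row is returned
# and Postfix moves on to the next restriction. The query never yields OK.
query = SELECT 'REJECT' FROM alias WHERE address='%s' AND goto='reject@postfix.access' AND active = '1'

# Check the map by hand (constructed sample address):
#   postmap -q "blocked-alias@example.org" mysql:/etc/postfix/sql/mysql_check_recipient_access.cf
# An active blocked alias prints REJECT; any other address prints nothing.
```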
