From: "techlist06" on 24 Nov 2009 09:13

Greetings:

I have what I expect is a simple question for you guys. Thanks to Ralph's book and the help here I have a many-year stable postfix configuration, love it, don't mess with it.

I have a very small hobby-based mailing list I maintain manually in Outlook. Although all maillist messages I send out include a footer asking the recipients to not reply to those maillist messages, the users will reply to the maillist messages occasionally and I would prefer they only reply to my other addresses. I can change the reply to address in Outlook to an invalid one, and it will reject it back to the sender with "not in virtual user table" but I don't want that bounce message for this particular case.

Instead, I would like to setup postfix so it has a more friendly reject for mail sent to (via replies to my messages) "maillist@mydomain.com" with a particular reject message that instructs the user on what address(es) to use to better contact me. Something similar to:

550 reject The email address maillist@mydomain.com does not accept inbound mail. Please use one of these addresses for contacting us: maillist unsubscribe: remove@mydomain.com, support issues: support@mydomain.com, other info@mydomain.com, etc.

I thought maybe adding the address maillist@mydomain.com to the recipient_checks.pcre? But I don't know how to write the re if that's the right place to do this.

Can someone help and tell me where is the best place to set this up?

Thanks as always,
Scott

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipient
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 483886080
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = companypostoffice.com
myhostname = tn1.companypostoffice.com
mynetworks = localhost,$localdomain, xx.xx.xx.xx/32, xx.xx.xx.xx/32
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = differentdomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_limit = 1500
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_mx_access hash:/etc/postfix/mx_access,
    check_sender_mx_access hash:/etc/postfix/mx_access,
    reject_unknown_sender_domain,
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    check_helo_access hash:/etc/postfix/helo_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_client_access hash:/etc/postfix/client_checks,
    check_client_access pcre:/etc/postfix/client_checks.pcre,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    check_policy_service unix:postgrey/socket,
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users

From: "techlist06" on 30 Nov 2009 09:09

Sahil, et al.:

>Use an access(5) or transport(5) map:

It appears that using an access map would best meet my need. I do not currently use an access map. Can you/anyone assist me with the proper placement of

check_client_access hash:/etc/postfix/access

in my setup? I don't want to screw up my restrictions which otherwise work properly. I *think* putting it last, after my greylisting line (see comment in postconf output below) would be appropriate. I think I'd want them to pass all other spam checks before rejecting semi-legitimate mail to this particular address with my specific reject message.

Thanks,
Scott

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipient
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 483886080
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = companypostoffice.com
myhostname = tn1.companypostoffice.com
mynetworks = localhost,$localdomain, xx.xx.xx.xx/32, xx.xx.xx.xx/32
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = differentdomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_limit = 1500
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_mx_access hash:/etc/postfix/mx_access,
    check_sender_mx_access hash:/etc/postfix/mx_access,
    reject_unknown_sender_domain,
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    check_helo_access hash:/etc/postfix/helo_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_client_access hash:/etc/postfix/client_checks,
    check_client_access pcre:/etc/postfix/client_checks.pcre,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    check_policy_service unix:postgrey/socket,
    permit
    ## access map check here ??
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users

From: "techlist06" on 30 Nov 2009 14:59

I tried to setup an access map and reject a specific user. But the mails to that user are not rejected. I tried adding the access map in a few different places in the configuration, so far none worked. It shows up in the smtpd_recipient_restrictions line below. Can anyone see what I did wrong?:

My access map file has:
maillist2@mydomain.com 550 REJECT

The corresponding access.db file is built and fresh

But mails to maillist2@mydomain.com get through without issue.

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipient
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = xxxxxxx
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = xxxxxxxxx
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = companypostoffice.com
myhostname = tn1.companypostoffice.com
mynetworks = localhost,$localdomain, xx.xx.xx.xx/32, xx.xx.xx.xx/32
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains = smtpd_access_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
recipient_bcc_maps = hash:/etc/postfix/recipient_bcc
relay_domains = differentdomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_recipient_limit = 1500
smtpd_recipient_restrictions =
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_mx_access hash:/etc/postfix/mx_access,
    check_sender_mx_access hash:/etc/postfix/mx_access,
    reject_unknown_sender_domain,
    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    check_helo_access hash:/etc/postfix/helo_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_client_access hash:/etc/postfix/client_checks,
    check_client_access pcre:/etc/postfix/client_checks.pcre,
    check_client_access hash:/etc/postfix/access
    reject_rbl_client list.dsbl.org,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client bl.spamcop.net,
    check_policy_service unix:postgrey/socket,
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/postfix_public_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix_private_key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_users

From: Stan Hoeppner on 30 Nov 2009 15:52

techlist06 put forth on 11/30/2009 1:59 PM:

> I tried to setup an access map and reject a specific user. But the mails to
> that user are not rejected. I tried adding the access map in a few
> different places in the configuration, so far none worked. It shows up in
> the smtpd_recipient_restrictions line below. Can anyone see what I did
> wrong?:

Yes, you have:

check_client_access hash:/etc/postfix/access

which is wrong for matching email addresses:

check_client_access type:table
    Search the specified access database for the client hostname, parent domains, client IP address, or networks obtained by stripping least significant octets. See the access(5) manual page for details.

You need check_recipient_access type:table

check_recipient_access type:table
    Search the specified access(5) database for the resolved RCPT TO address, domain, parent domains, or localpart@, and execute the corresponding action.

Example:

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access

/etc/postfix/access
maillist2@mydomain.com 550 REJECT

Also, postmap /etc/postfix/access every time you make changes to it. If you did not reload postfix after creating the access file and adding it to main.cf, you also need to restart postfix.

> My access map file has:
> maillist2@mydomain.com 550 REJECT
>
> The corresponding access.db file is built and fresh
>
> But mails to maillist2@mydomain.com get through without issue.

BTW, if you are trying to block all access to this email address, why not just remove it from your list(s) of valid recipients? Did I miss something earlier in the thread?

--
Stan
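
Why the check_client_access attempt never fired, as an added example that is not part of the thread and is not Postfix code: a simplified Python model of the lookup keys that the manual text quoted above lists for each restriction. The client hostname and IP are constructed sample values; address extensions and IPv6 are left out, and parent domains are looked up without a leading dot, which assumes parent_domain_matches_subdomains includes smtpd_access_maps as in the posted configuration.

```python
# Added example: simplified model of access(5) lookup keys, not Postfix code.

def parent_domains(domain):
    """Parent domains of `domain`, most specific first (no leading dot)."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]

def client_keys(hostname, ip):
    """Keys check_client_access tries: client hostname, parent domains,
    client IP address, then networks made by stripping trailing octets."""
    octets = ip.split(".")
    networks = [".".join(octets[:n]) for n in range(len(octets) - 1, 0, -1)]
    host = hostname.lower()
    return [host] + parent_domains(host) + [ip] + networks

def recipient_keys(rcpt):
    """Keys check_recipient_access tries: full RCPT TO address, domain,
    parent domains, then localpart@."""
    local, domain = rcpt.lower().rsplit("@", 1)
    return [f"{local}@{domain}", domain] + parent_domains(domain) + [local + "@"]

def lookup(table, keys):
    """First key present in the table wins; None means no match."""
    for key in keys:
        if key in table:
            return key, table[key]
    return None

def check_client_access(table, hostname, ip):
    # The recipient address is never among the keys tried here.
    return lookup(table, client_keys(hostname, ip))

def check_recipient_access(table, rcpt):
    return lookup(table, recipient_keys(rcpt))

# The access map entry from the thread.
ACCESS = {"maillist2@mydomain.com": "550 REJECT"}

if __name__ == "__main__":
    # Constructed sample client; not taken from the thread.
    host, ip = "mail.example.net", "192.0.2.25"
    print("client keys:   ", client_keys(host, ip))
    print("client result: ", check_client_access(ACCESS, host, ip))
    rcpt = "maillist2@mydomain.com"
    print("recipient keys:", recipient_keys(rcpt))
    print("rcpt result:   ", check_recipient_access(ACCESS, rcpt))
```

An entry keyed on an e-mail address can only match under a restriction that builds its keys from an address, so the same map that is silently skipped by check_client_access rejects the recipient under check_recipient_access.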
From: "techlist06" on 30 Nov 2009 16:14

> You have:
>check_client_access hash:/etc/postfix/access
>which is wrong for matching email addresses:

Thanks, that fixed my error.

>check_recipient_access hash:/etc/postfix/access

>BTW, if you are trying to block all access to this email address, why
>not just remove it from your list(s) of valid recipients? Did I miss
>something earlier in the thread?

I was wanting to give a specific reject message for a particular address. It's a small, manually maintained maillist. I don't want the subscribers to reply to the "reply to" address, but I didn't want to reject mails without a friendlier explanation of where they should reply. An auto-reply with reject I guess. I expect there is a better way to do same, this seems to work OK.