block one email from being relayed?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

block one email from being relayed?

Joachim Rosenfeld
We have a host setup where we accept mail from all our trusted networks,
192.168/16 and relay it to various domains.

One of the domains we relay for is "example.org". That is, a number of
our hosts in the 192.168/16 space sends emails to "[user]@example.org",
Where [user] is any one of a number of different users.

These mails get properly relayed to example.org.


So here is the problem, we want to block ONE SINGLE email address,
"[hidden email]" and send it to /dev/null on our relayhost, but let all
the other mail in the *@example.org space through to example.org.


Is this possible with Postfix?

Joe
Reply | Threaded
Open this post in threaded view
|

Re: block one email from being relayed?

Noel Jones-2
Joachim Rosenfeld wrote:

> We have a host setup where we accept mail from all our trusted networks,
> 192.168/16 and relay it to various domains.
>
> One of the domains we relay for is "example.org". That is, a number of
> our hosts in the 192.168/16 space sends emails to "[user]@example.org",
> Where [user] is any one of a number of different users.
>
> These mails get properly relayed to example.org.
>
>
> So here is the problem, we want to block ONE SINGLE email address,
> "[hidden email]" and send it to /dev/null on our relayhost, but let all
> the other mail in the *@example.org space through to example.org.
>
>
> Is this possible with Postfix?
>
> Joe

You specifically want to accept and then discard mail to this
address?  Then a transport_maps entry is probably easiest.
# main.cf
transport_maps = hash:/etc/postfix/transport

# transport
[hidden email]  discard:address not allowed

It's generally considered more "polite" to reject mail you
don't intend to deliver, rather than just discarding. You can
do this with a check_recipient_access map placed somewhere in
your smtpd_*_restrictions

--
Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: block one email from being relayed?

Joachim Rosenfeld
> >  So here is the problem, we want to block ONE SINGLE email address,
> >  "[hidden email]" and send it to /dev/null on our relayhost, but
> >  let all the other mail in the *@example.org space through to
> >  example.org.
>
> You specifically want to accept and then discard mail to this address?

Yes. The mails in question are all cron job reports, and right now, we
just want to silently accept and discard. Later on we will go through
all hosts and clean up these cron jobs, among other things.

> Then a transport_maps entry is probably easiest.

How is a transport map different from an access table? Going through the
docs, access tables *seems* to be what I am looking for.

Joe
Reply | Threaded
Open this post in threaded view
|

Re: block one email from being relayed?

mouss-2
Joachim Rosenfeld wrote:

>>>  So here is the problem, we want to block ONE SINGLE email address,
>>>  "[hidden email]" and send it to /dev/null on our relayhost, but
>>>  let all the other mail in the *@example.org space through to
>>>  example.org.
>>>      
>> You specifically want to accept and then discard mail to this address?
>>    
>
> Yes. The mails in question are all cron job reports, and right now, we
> just want to silently accept and discard. Later on we will go through
> all hosts and clean up these cron jobs, among other things.
>
>  
>> Then a transport_maps entry is probably easiest.
>>    
>
> How is a transport map different from an access table? Going through the
> docs, access tables *seems* to be what I am looking for.
>  

access actions apply to a message, not to a recipient. so if you use
DISCARD and a message is sent to multiple recipients, the message is
discarded. with transport_maps, only the copy to the "unwanted" user is
discarded.

also, access actions only apply to mail received via smtpd. I guess this
is your case though.
Reply | Threaded
Open this post in threaded view
|

Re: block one email from being relayed?

mouss-2
mouss wrote:

> Joachim Rosenfeld wrote:
>>>>  So here is the problem, we want to block ONE SINGLE email address,
>>>>  "[hidden email]" and send it to /dev/null on our relayhost, but
>>>>  let all the other mail in the *@example.org space through to
>>>>  example.org.
>>>>      
>>> You specifically want to accept and then discard mail to this address?
>>>    
>>
>> Yes. The mails in question are all cron job reports, and right now, we
>> just want to silently accept and discard. Later on we will go through
>> all hosts and clean up these cron jobs, among other things.
>>
>>  
>>> Then a transport_maps entry is probably easiest.
>>>    
>>
>> How is a transport map different from an access table? Going through the
>> docs, access tables *seems* to be what I am looking for.
>>  
>
> access actions apply to a message, not to a recipient. so if you use
> DISCARD and a message is sent to multiple recipients, the message is
> discarded. with transport_maps, only the copy to the "unwanted" user
> is discarded.

correction: of course, actions such as reject & permit apply to a
recipient. I was about actions like discard, redirect, filter...

>
> also, access actions only apply to mail received via smtpd. I guess
> this is your case though.

Reply | Threaded
Open this post in threaded view
|

Re: block one email from being relayed?

Noel Jones-2
In reply to this post by Joachim Rosenfeld
Joachim Rosenfeld wrote:

>>>  So here is the problem, we want to block ONE SINGLE email address,
>>>  "[hidden email]" and send it to /dev/null on our relayhost, but
>>>  let all the other mail in the *@example.org space through to
>>>  example.org.
>> You specifically want to accept and then discard mail to this address?
>
> Yes. The mails in question are all cron job reports, and right now, we
> just want to silently accept and discard. Later on we will go through
> all hosts and clean up these cron jobs, among other things.
>
>> Then a transport_maps entry is probably easiest.
>
> How is a transport map different from an access table? Going through the
> docs, access tables *seems* to be what I am looking for.
>
> Joe


Yes, you can also use a check_recipient_access map that
returns DISCARD.  An access map only works on SMTP submitted
mail and DISCARD affects all recipients of a multi-recipient
message.

Differences:
- access maps work during SMTP input
- transport works during output
- access maps are only effective on SMTP mail
- transport maps work on any mail in the postfix queue
- DISCARD in an access map affects all recipients of a
multi-recipient message
- the discard transport only affects the specified recipient

Many times you can use either choice.

--
Noel Jones