reject mail to all local system accounts

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

reject mail to all local system accounts

cody
How do i reject incoming e-mail's from remote servers to all local
system accounts?
I can list them in a map via smtpd_recipient_restriction but wonder if
there is an easier way to do that.

thanks,
cody
Reply | Threaded
Open this post in threaded view
|

Re: reject mail to all local system accounts

Bob Proulx
cody wrote:
> How do i reject incoming e-mail's from remote servers to all local system
> accounts?
> I can list them in a map via smtpd_recipient_restriction but wonder if there
> is an easier way to do that.

One of the standard configurations is as a "null client".

    http://www.postfix.org/STANDARD_CONFIGURATION_README.html#null_client

    A null client is a machine that can only send mail. It receives
    no mail from the network, and it does not deliver any mail
    locally. A null client typically uses POP, IMAP or NFS for mailbox
    access.

If that is what you want then setting up the configuration as
described there is the way to do it.

If you only want to prevent some local addresses from receiving mail
while allowing the rest then a possible way is to add a check to
smtpd_recipient_restriction:

    smtpd_recipient_restrictions =
        ...
        check_recipient_access hash:/etc/postfix/recipient-access,
        ...

And in that file list addresses to be rejected.  Use postmap to update
the associated lookup table.

    [hidden email] REJECT User unknown in local recipient table
    [hidden email] REJECT User unknown in local recipient table
    [hidden email] REJECT User unknown in local recipient table
    [hidden email] REJECT User unknown in local recipient table

Documentation on this.

    http://www.postfix.org/RESTRICTION_CLASS_README.html

    http://www.postfix.org/postconf.5.html#check_recipient_access

And I am sure there are other alternatives too.

Bob
Reply | Threaded
Open this post in threaded view
|

Re: reject mail to all local system accounts

Viktor Dukhovni
In reply to this post by cody
> On Oct 10, 2020, at 10:06 AM, cody <[hidden email]> wrote:
>
> How do i reject incoming e-mail's from remote servers to all local system accounts?
> I can list them in a map via smtpd_recipient_restriction but wonder if there is an easier way to do that.

As mentioned in another response, the essential ingredient is an
empty "mydestination".  This is fleshed out in the linked null-client
overview.  This assumes that mail to local accounts should also not
be delivered locally when submitted via sendmail(1).

If you only want to block local delivery via SMTP, but want to have
it continue for local submission via sendmail(1), then you can set
local_recipient_maps to reject all users by specifying an empty
table (which is rather different from an empty list of tables).

        # Empty table means all local recipients rejected by smtpd(8)
        #
        local_recipient_maps = texthash:/dev/null

--
        Viktor.