rejecting mail on Envelope RCPT != to a header recipient

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

rejecting mail on Envelope RCPT != to a header recipient

Calvin Browne
Hi all,


for certain envelope recipients, I'd like to subsequently go on to check
if we have any matching Recipient headers (TO: CC: etc) and reject the
email if none exist (preferably before the sending MTA completes the
transaction).

I understand that this needs to be done after the DATA phase - so using
a before queue filter?

The docs seem to indicate that I wont have access to the To: stuff at
that stage - is that true?


pointers appreciated


--Calvin

Reply | Threaded
Open this post in threaded view
|

Re: rejecting mail on Envelope RCPT != to a header recipient

Wietse Venema
Calvin Browne:

> Hi all,
>
>
> for certain envelope recipients, I'd like to subsequently go on to check
> if we have any matching Recipient headers (TO: CC: etc) and reject the
> email if none exist (preferably before the sending MTA completes the
> transaction).
>
> I understand that this needs to be done after the DATA phase - so using
> a before queue filter?
>
> The docs seem to indicate that I wont have access to the To: stuff at
> that stage - is that true?

Milters, after-queue filters, and before-queue filters have access
to envelope addresses and message headers.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: rejecting mail on Envelope RCPT != to a header recipient

Viktor Dukhovni
In reply to this post by Calvin Browne
> On Sep 27, 2018, at 4:29 AM, Calvin Browne <[hidden email]> wrote:
>
> I understand that this needs to be done after the DATA phase - so using a before queue filter?
>
> The docs seem to indicate that I wont have access to the To: stuff at that stage - is that true?

The Postfix access(5) machinery does not have access to the envelope
recipient list (when more than one recipient) in smtpd_data_restrictions
and smtpd_end_of_data_restrictions.  This in no way applies to before queue
proxy filter, since these of course receive the complete envelope and message
content.  What you cannot do is reject a non-empty proper subset of the
recipients, they must all get accepted or none, by accepting or reject the
entire message after "DOT".  You can silently drop some recipients, but that's
generally unwise.

--
        Viktor.