postfix check_recipient_access syntax

I reject mail to unknown accounts with postfix by using the check_recipient_access feature. In my recipient_access file I list out each valid address and reject the rest of the domain. So my file looks something like:

bob@domain1.com OK
fred@domain1.com OK
domain1.com REJECT

There are certain addresses (info, webmaster, etc.) that appear in all domains and I would like to accept them globally. What would be the syntax to say info@{anything} is OK?
LVL 1
scarpenter104Asked:
Who is Participating?
 
de2ZotjesCommented:
Did some rechecking and the normal hash table cannot do what you want. The reason is that it will try domain lookup before userpart lookup. You keep hitting the domain lookup :(
The good news is that the regexp map type is your friend. The regexp map is always given the full data item, whether that be an ip-address or email-address. Another big difference is that order inside the table matters, the file is searched top to bottom and the first hit wins.

/^info@/ OK
/domain1.com$/ REJECT
/domain2.com$/ REJECT

Open in new window


refer to it as regexp:/etc/postfix/recipient_list
no need to build a db file
have fun.
0
 
de2ZotjesCommented:
from the man page (man 5 access):

        user@  Matches all mail addresses with the specified user part.
0
 
scarpenter104Author Commented:
I too can read a man page :-)

However, when I create a recipient_access file such as:

info@ OK
domain1.com REJECT
domain2.com REJECT

and send mail to info@domain1.com, I get: Recipient address rejected.

changing it to:

info@domain1.com OK
info@domain2.com OK
domain1.com REJECT
domain2.com REJECT

works. However, that requires that I make an entry for each domain which is what I'm trying to avoid.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
de2ZotjesCommented:
I didn't mean the ref to man page as a sny remark. Just noticed the {anything} and assumed you got the syntax wrong.

The pertinent bits of config for this should look like this:

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, check_recipient_access hash:/etc/postfix/recipient_list, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Open in new window


and the content of /etc/postfix/recipient_list
info@ OK
domain1.com REJECT

Open in new window


you will need to run
postmap /etc/postfix/recipient_list

Open in new window

after making changes to that file.

After setting up the files check whether lookups work by issuing:
MAIL_VERBOSE=1 postmap -q <insert lookup stuff here> /etc/postfix/recipient_list

Open in new window


Check the log files if you get any unexpected results and paste the logs here please.

(I know I am stating the obvious...)
0
 
scarpenter104Author Commented:
All this is already up and running and the lookups work fine if I use an explicit email address.

As you can see in my initial post, the wildcard works fine with the right side of an address.

domain1.com REJECT

does indeed reject any email address that matches domain1.com but doesn't match bob@domain1.com or fred@domain1.com.

However,

info@ OK
domain1.com REJECT

still rejects info@domain1.com.
0
 
de2ZotjesCommented:
Oh, and if you don't want to put all your stuff from the original recipient list you can ofcourse use a dunno as catch all and continue on in the original map:

smtpd_recipient_restrictions = check_recipient_access regexp:/etc/postfix/regex_recipient_list, 
                                               check_recipient_access hash:/etc/postfix/recipient_list, 
                                               reject_unauth_destination

Open in new window


and in the regex_recipient list have this as final entry:
/.*/ DUNNO

Open in new window

0
 
scarpenter104Author Commented:
Just to see if I have this right:
If it matches a rule in the regex file it stops there, otherwise it will evaluate the check_recipient.

Correct?
0
 
scarpenter104Author Commented:
Works perfectly!
user1@domain1.com is accepted, info@domain1.com is accepted and unknown@domain1.com is rejected.
Just to summarize, my entry in main.cf (all on one line) looks like this:
smtpd_recipient_restrictions = check_recipient_access regexp:/etc/postfix/recipient_access.regexp, 
check_recipient_access hash:/etc/postfix/recipient_access

Open in new window


/etc/postfix/recipient_access.regexp contains:
/^info&/        OK

/.*/    DUNNO

Open in new window


/etc/postfix/recipient_access contains:
domain1.com REJECT
domain2.com REJECT
user1@domain1.com OK
user2@domain1.com OK
user1@domain2.com OK
user2@domain2.com OK

Open in new window

0
 
scarpenter104Author Commented:
*sigh* couldn't post without making a mistake.

/etc/postfix/recipient_access.regexp contains:
/^info@/        OK

/.*/    DUNNO

Open in new window


They need an edit option here. :-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.