in-out policy
---
450 Requested mail action not taken: mailbox unavailable (e.g., mailbox busy or temporarily blocked for policy reasons)
550 Requested action not taken: mailbox unavailable (e.g., mailbox not found, no access, or command rejected for policy reasons)
check_recipient_access doesn't work on its own; it has to be listed within smtpd_recipient_restrictions.
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_recipient_access hash:/etc/postfix/recipient_access,
In addition to the error code, you can supply a custom, human-readable informational error message:
# vi /etc/postfix/recipient_access
joe@example.com 550 Mailbox doesn't exist. See https://example.com/contact
mary@example.com 550 Mary no longer works at Example Ltd. Contact Jason, instead.
# postmap /etc/postfix/recipient_access
Postfix: how to disable incoming mail
# /etc/postfix/main.cf
inet_interfaces = loopback-only
This effectively blocks incoming connections, disallowing mail delivery. In addition, you should set
mydestination =
This disables all local mail delivery. Only use it if you want mail for e.g. root and similar (typically crontab-generated) to be sent to an external host. If you want local delivery of such mail, leave mydestination as is.
Postfix: how to block incoming emails to a specific recipient
# vi /etc/postfix/virtual_alias_maps
user1@example.com devnull
In /etc/aliases, add the following line:
devnull: /dev/null
This defines a mailbox named devnull and stores its contents in /dev/null.
Don't forget to update the alias caches and restart Postfix, for example:
postmap /etc/postfix/virtual_alias_maps
newaliases
systemctl restart postfix
Postfix: block all emails except the specified email accounts [outgoing]
Configure the Postfix mail server to send or disregard the emails:
# cp -p /etc/postfix/main.cf /etc/postfix/main.cf.original
# vi /etc/postfix/main.cf
Add the line below to the configuration:
transport_maps = hash:/etc/postfix/transport
Now we need to edit the file /etc/postfix/transport
# vi /etc/postfix/transport
Here, add the domain to which sending mail is allowed:
example.com :
* discard:
This simply discards messages to any email address outside the domain example.com. If you want to reject with an error instead (set the error text to suit your needs), use entries like this:
example.com :
* error: Not allowed for all domains
# postmap /etc/postfix/transport
To silently drop outgoing email, you can also use a transport map file:
# main.cf
transport_maps = hash:/etc/postfix/transport_maps
containing entries like:
email-to-bin@example.com discard:
domain-to-bin.com discard:
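The lookup order behind both transport tables above, as an added example that is not part of the original notes and is not Postfix code. It is a simplified model of transport(5) lookups in a hash: table (address extensions are left out), run against a constructed table; it shows that a bare domain key does not cover subdomains and that a key written with a leading @ is never looked up.

```python
# Added example: simplified model of transport(5) lookups in an indexed (hash:) table.
# Not Postfix code; address extensions (user+ext) are left out.

# Constructed table combining the entry styles used in the notes above.
TABLE_TEXT = """
example.com               :
email-to-bin@example.com  discard:
@typo-domain.example      discard:
*                         error:Not allowed for all domains
"""

def parse_transport(text):
    """Parse 'key  transport:nexthop' lines into a dict, skipping comments."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key.lower()] = value.strip()
    return table

def candidate_keys(recipient):
    """Keys tried in order: user@domain, domain, .parent domains, '*'."""
    recipient = recipient.lower()
    domain = recipient.rpartition("@")[2]
    labels = domain.split(".")
    parents = ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return [recipient, domain] + parents + ["*"]

def route(table, recipient):
    """Return (matched_key, transport, nexthop); an empty transport means 'default'."""
    for key in candidate_keys(recipient):
        if key in table:
            transport, _, nexthop = table[key].partition(":")
            return key, transport or "default", nexthop.strip()
    return None, "default", ""

if __name__ == "__main__":
    table = parse_transport(TABLE_TEXT)
    for rcpt in ("bob@example.com", "email-to-bin@example.com",
                 "bob@mail.example.com", "bob@typo-domain.example"):
        print(rcpt, "->", route(table, rcpt))
```

To let subdomains of example.com through as well, the table needs a separate `.example.com :` entry.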
Block outgoing mail to specific address using Postfix
# vi main.cf
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/bad_recipients,
    permit_mynetworks,
    reject_unauth_destination,
    permit
And in /etc/postfix/bad_recipients:
bad_user1@example.com REJECT We don't like him
bad_user2@example.org REJECT Delivery to this user is prohibited
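Why check_recipient_access is listed before permit_mynetworks here, as an added example that is not part of the original notes and is not Postfix code. It is a simplified model of first-match evaluation of a restriction list; the networks, local domain and client addresses are constructed sample values.

```python
# Added example: simplified model of how an smtpd restriction list is evaluated.
# Not Postfix code; networks and domains below are constructed sample values.
import ipaddress

MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.com"}          # domains this server accepts mail for
BAD_RECIPIENTS = {                       # contents of the bad_recipients map
    "bad_user1@example.com": "REJECT We don't like him",
    "bad_user2@example.org": "REJECT Delivery to this user is prohibited",
}

def permit_mynetworks(client_ip, rcpt):
    ip = ipaddress.ip_address(client_ip)
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def check_recipient_access(client_ip, rcpt):
    return BAD_RECIPIENTS.get(rcpt.lower(), "DUNNO")

def reject_unauth_destination(client_ip, rcpt):
    domain = rcpt.rpartition("@")[2].lower()
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT Relay access denied"

def permit(client_ip, rcpt):
    return "OK"

def evaluate(restrictions, client_ip, rcpt):
    """The first restriction that returns something other than DUNNO decides."""
    for restriction in restrictions:
        result = restriction(client_ip, rcpt)
        if result != "DUNNO":
            return restriction.__name__, result
    return "end of list", "OK"

# permit_mynetworks ahead of the map: trusted clients never reach the lookup.
NETWORKS_FIRST = [permit_mynetworks, check_recipient_access,
                  reject_unauth_destination, permit]
# The order from this section: the map is consulted for every client.
ACCESS_FIRST = [check_recipient_access, permit_mynetworks,
                reject_unauth_destination, permit]

if __name__ == "__main__":
    for name, order in (("NETWORKS_FIRST", NETWORKS_FIRST), ("ACCESS_FIRST", ACCESS_FIRST)):
        print(name, evaluate(order, "192.0.2.10", "bad_user2@example.org"))
```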
How to discard mails sent from a specific local user to external addresses?
Add the following line to /etc/postfix/main.cf:
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport_maps
Create /etc/postfix/sender_transport_maps as follows:
user@local.domain discard
Create the Postfix map file and restart Postfix:
- cd /etc/postfix
- postmap sender_transport_maps
- service postfix restart
OR
smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/sender_domains, discard
with the sender_domains file containing:
/user_to_be_blocked@domain.com/ DISCARD
/@domain.com/ OK
-----------------------------------------X-----------------------------------
Postfix: limit incoming or receiving email rate
Postfix (smtpd daemon) can enforce a number of limits on incoming email. This will stop email flooding attacks.
A bot connects to your Postfix email server and sends garbage commands or spam, attempting to crash your server. You can limit:
=> The length of lines in a message and so on
=> The size of messages
=> The number of recipients for a single delivery
Try the following directives in your Postfix main.cf config file:
smtpd_error_sleep_time: The SMTP server response delay after a client has made more than $smtpd_soft_error_limit errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail.
smtpd_soft_error_limit: The number of errors a remote SMTP client is allowed to make without delivering mail before the Postfix SMTP server slows down all its responses.
smtpd_hard_error_limit: The maximal number of errors a remote SMTP client is allowed to make without delivering mail. The Postfix SMTP server disconnects when the limit is exceeded.
Open the config file:
# vi main.cf
Append the following directives:
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Save and restart/reload the Postfix configuration:
# /etc/init.d/postfix restart
Postfix waits one second before each error, such as a HELO command not being provided or an FQDN hostname that does not exist. After 10 such errors Postfix will start to increase the delay. If the error count reaches 20, Postfix will disconnect the client.
You can see this in action in the /var/log/maillog file:
Dec 15 16:50:59 server postfix/anvil[20799]: statistics: max connection rate 1/60s for (smtp:80.224.37.124) at Dec 15 16:47:29
Dec 15 16:50:59 server postfix/anvil[20799]: statistics: max connection count 1 for (smtp:80.224.37.124) at Dec 15 16:47:29
Dec 15 16:50:59 server postfix/anvil[20799]: statistics: max cache size 2 at Dec 15 16:47:38
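One way to read these anvil statistics lines in bulk, as an added example that is not part of the original notes and is not Postfix code. The thresholds are hypothetical values chosen for the example, and the last two sample log lines are constructed.

```python
# Added example: parse Postfix anvil "statistics" lines and flag busy clients.
# Not Postfix code; the thresholds are hypothetical values chosen for this example.
import re

ANVIL_RE = re.compile(
    r"postfix/anvil\[\d+\]: statistics: max connection "
    r"(?P<kind>rate|count) (?P<value>\d+)(?:/(?P<window>\d+)s)? "
    r"for \((?P<service>[^:]+):(?P<client>[^)]+)\) at (?P<when>.+)$"
)

# The first three lines are the log excerpt above; the last two are constructed.
SAMPLE_LOG = """\
Dec 15 16:50:59 server postfix/anvil[20799]: statistics: max connection rate 1/60s for (smtp:80.224.37.124) at Dec 15 16:47:29
Dec 15 16:50:59 server postfix/anvil[20799]: statistics: max connection count 1 for (smtp:80.224.37.124) at Dec 15 16:47:29
Dec 15 16:50:59 server postfix/anvil[20799]: statistics: max cache size 2 at Dec 15 16:47:38
Dec 15 17:10:12 server postfix/anvil[20931]: statistics: max connection rate 45/60s for (smtp:198.51.100.7) at Dec 15 17:08:40
Dec 15 17:10:12 server postfix/anvil[20931]: statistics: max connection count 12 for (smtp:198.51.100.7) at Dec 15 17:08:41
"""

def parse_anvil(log_text):
    """Return {client: {'rate': n, 'count': n}} holding the highest value seen."""
    stats = {}
    for line in log_text.splitlines():
        m = ANVIL_RE.search(line)
        if not m:                      # e.g. the "max cache size" line has no client
            continue
        entry = stats.setdefault(m["client"], {"rate": 0, "count": 0})
        entry[m["kind"]] = max(entry[m["kind"]], int(m["value"]))
    return stats

def busy_clients(stats, max_rate=30, max_count=10):
    """Clients whose peak rate or concurrent connection count exceeds a threshold."""
    return sorted(c for c, s in stats.items()
                  if s["rate"] > max_rate or s["count"] > max_count)

if __name__ == "__main__":
    stats = parse_anvil(SAMPLE_LOG)
    print(stats)
    print("over threshold:", busy_clients(stats))
```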
Redirect specific e-mail address sent to a user, to another user
Sent from: user@isp.com
Addressed to: user@ourcompany.com
Result: redirect e-mail to: user2@ourcompany.com.
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
# vi sender_access
sender@otherdomain.com REDIRECT you@yourdomain.com
sender@otherdomain.com REDIRECT you@yourdomain.com | your2@secondomain.com
-----------------------
# cat main.cf
..
header_checks = pcre:/etc/postfix/header_checks
..
# cat /etc/postfix/header_checks
/From:.*@extdomain1.ltd/ REDIRECT specialuser@domain.ltd
----------------------
---