[Mimedefang] Postfix: How to run the milter BEFORE reject_unverified_recipient

Benoit Panizzon benoit.panizzon at imp.ch
Tue Feb 20 07:35:24 EST 2018

Hi Wietse

> Not possible. The Milter protocol implements the 'change sender'
> feature AFTER the entire message is received. That is long
> after the MAIL FROM and RCPT TO commands.

Ok, so if you activate reject_unverified_recipient it's not possible to
tell postfix not to call this function for local recipients, which
would anyway be rejected.

I did some further digging and found a posting of another user having
the problem, that he used reject_unverified_recipient but wanted to be
able to queue mails for a specific domain that is relayed through his
server in case the destination server is down.

Yes, sounds similar to my problem. He used check_recipient_access with
a hash map listing all recipients he wanted to queue.

This information and a google query if I could replace a hash map with
a regexp map later I had a working solution for my SRS problem:

smtpd_recipient_restrictions = 
	check_recipient_access regexp:/etc/postfix/noverify

And in /etc/postfix/noverify

/^SRS\d{1}.*/      OK
Now I just have to check that I didn't open an unauthenticated relay

Mit freundlichen Grüssen

-Benoît Panizzon-
I m p r o W a r e   A G    -    Leiter Commerce Kunden

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch

More information about the MIMEDefang mailing list