Recipient Access and Local Exchange Servers

Discussion in 'General' started by pyte, Nov 4, 2022.

  1. pyte

    pyte Active Member HowtoForge Supporter

    is there a quick and easy way to configure the postfix blacklist/whitelist module of ISPConfig, that whitelist entries get checked before blacklist entries by postfix?

    The file contains the SQL Query to check for access:
    query = select access from mail_access where source = '%s' and type = 'recipient' and active = 'y' and server_id = 7
    This will match the first entrie within the mail_access table.
    What i'm trying to achieve is to blacklist a whole domain with "*@domain.tld", which works great, but exclude special mail adresses like "[email protected]" from it.

    Any idea how i can get this to first check for a access "OK"?

    Ultimately what i am trying to achieve is blocking all recipient adresses excpect the ones that i define. We have a few customers with local exchange servers, they grab the mail from a "catchall mailbox" on our mailservers and deliver them locally. To eliminae unwanted mails/spam, our mailserver should only accept mails for mailboxes that are existing within the local exchange. We have a software that keeps a list of the local mailsadresses that the exchange is aware of updated, so i know what i need to accept, and block the rest.

    Does anyone have a good idea how i can make this work, blacklisting/whitelisting with postfix seems a bit hacky?
  2. pyte

    pyte Active Member HowtoForge Supporter

    The best way to manage this seems to be not using catchall rules at all and instead just create aliases for the mailbox. So any unknown recipient will get reject and every alias will get happily accepted. This is way more sane, but i couldn't figure it out right away :D
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, that's exactly the way this should be set up. using wildcards makes no sense as it would just cause bounces and your system will get blacklisted for backscatter soon.
    ahrasis and pyte like this.
  4. pyte

    pyte Active Member HowtoForge Supporter

    I don't know why i wasn't aware of it, i guess thinking too much within our old setup causes blindness for seemingly obvious things ;)

Share This Page