0

I am looking to update my postfix configuration so it restricts the domains to which emails can be sent. I am thinking of using smtpd_recipient_restrictions with check_recipient_access, based on this solution: https://serverfault.com/a/412805 Does this allow for regex? I want to say, only send emails to *@mydomain.com and block everyone else. Something like this:

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipients

where recipients will be:

*@mydomain.com PERMIT,
* REJECT,

Is this doable?

Edit: I know this is possible with transportmap, but we already use check_recipient_access to block a few ids, and I would prefer not to introduce another configuration if possible.

Fulliautomatix
  • 13
  • 3

1 Answers1

2

Yes, see man 5 regexp_table.

Format will be different, you need to spell out full regexps:

/.*@example\.com/ OK
/.*/ REJECT

or even shorter,

!/.*@example\.com/ REJECT

(default action will be "not found", so it'll continue with the following smtpd_recipient_restrictions items and will be permitted by default).

Save it into a file and hook like this:

smtpd_recipient_restrictions =
...
    check_recipient_access regexp:/etc/postfix/my_regexp_recipients.cf,
...

Postfix allows specifying regexps inline since version 3.7. Your table is very short, so you might end up with

smtpd_recipient_restrictions =
...
    check_recipient_access regexp:{ { !/.*@example\.com/ REJECT } },
...

and no additional files.

Be careful. You need to have other restriction items. Just setting it up like this could make your server an open relay towards *@example.com, if you don't take measures against it in this or other smtpd_*_restrictions parameters (reject_sender_login_mismatch and so on).

Nikita Kipriyanov
  • 10,947
  • 2
  • 24
  • 45