Loading ...
Sorry, an error occurred while loading the content.

Re: Bounce a particular recipient address with specified reject message

Expand Messages
  • Stan Hoeppner
    ... Yes, you have: check_client_access hash:/etc/postfix/access which is wrong for matching email addresses: check_client_access type:table Search the
    Message 1 of 12 , Nov 30, 2009
    View Source
    • 0 Attachment
      techlist06 put forth on 11/30/2009 1:59 PM:
      > I tried to setup an access map and reject a specific user. But the mails to
      > that user are not rejected. I tried adding the access map in a few
      > different places in the configuration, so far none worked. It shows up in
      > the smtpd_recipient_restrictions line below. Can anyone see what I did
      > wrong?:

      Yes, you have:

      check_client_access hash:/etc/postfix/access

      which is wrong for matching email addresses:

      check_client_access type:table
      Search the specified access database for the client hostname, parent
      domains, client IP address, or networks obtained by stripping least
      significant octets. See the access(5) manual page for details.


      You need check_recipient_access type:table

      check_recipient_access type:table
      Search the specified access(5) database for the resolved RCPT TO
      address, domain, parent domains, or localpart@, and execute the
      corresponding action.

      Example:

      smtpd_recipient_restrictions =
      check_recipient_access hash:/etc/postfix/access

      /etc/postfix/access
      maillist2@... 550 REJECT

      Also, postmap /etc/postfix/access every time you make changes to it. If
      you did not reload postfix after creating the access file and adding it
      to main.cf, you also need to restart postfix.

      > My access map file has:
      > maillist2@... 550 REJECT
      >
      > The corresponding access.db file is built and fresh
      >
      > But mails to maillist2@... get through without issue.

      BTW, if you are trying to block all access to this email address, why
      not just remove it from your list(s) of valid recipients? Did I miss
      something earlier in the thread?

      --
      Stan
    • techlist06
      ... Thanks, that fixed my error. ... I was wanting to give a specific reject message for a particular address. It s a small, manually maintained maillist. I
      Message 2 of 12 , Nov 30, 2009
      View Source
      • 0 Attachment
        > You have:
        >check_client_access hash:/etc/postfix/access
        >which is wrong for matching email addresses:

        Thanks, that fixed my error.

        >check_recipient_access hash:/etc/postfix/access
        >BTW, if you are trying to block all access to this email address, why
        >not just remove it from your list(s) of valid recipients? Did I miss
        >something earlier in the thread?

        I was wanting to give a specific reject message for a particular address.
        It's a small, manually maintained maillist. I don't want the subscribers to
        reply to the "reply to" address, but I didn't want to reject mails without a
        friendlier explanation of where they should reply. An auto-reply with
        reject I guess.

        I expect there is a better way to do same, this seems to work OK.
      • Stan Hoeppner
        ... So, lemme get this straight. You changed the list address, but instead of just sending an email to the list addresses telling all users of the list
        Message 3 of 12 , Nov 30, 2009
        View Source
        • 0 Attachment
          techlist06 put forth on 11/30/2009 3:14 PM:
          >> You have:
          >> check_client_access hash:/etc/postfix/access
          >> which is wrong for matching email addresses:
          >
          > Thanks, that fixed my error.
          >
          >> check_recipient_access hash:/etc/postfix/access
          >> BTW, if you are trying to block all access to this email address, why
          >> not just remove it from your list(s) of valid recipients? Did I miss
          >> something earlier in the thread?
          >
          > I was wanting to give a specific reject message for a particular address.
          > It's a small, manually maintained maillist. I don't want the subscribers to
          > reply to the "reply to" address, but I didn't want to reject mails without a
          > friendlier explanation of where they should reply. An auto-reply with
          > reject I guess.
          >
          > I expect there is a better way to do same, this seems to work OK.

          So, lemme get this straight. You changed the list address, but instead
          of just sending an email to the list addresses telling all users of the
          list address change, you just decided to, in essence, inform them via an
          NDR when they send mail to the list? There have got to be at least 1000
          list management how-to's on the web, and not a one would recommend you
          do this in this way, and probably all 1000 would say _never_ manage a
          list this way...yikes.

          --
          Stan
        • techlist06
          ... No I didn t change the list address. It is not a mail list like this one, more of an announcement list . It is not a 2-way mailing list. The
          Message 4 of 12 , Nov 30, 2009
          View Source
          • 0 Attachment
            >So, lemme get this straight. You changed the list address, but instead
            >of just sending an email to the list addresses telling all users of the
            >list address change, you just decided to, in essence, inform
            >them via an
            >NDR when they send mail to the list? There have got to be at
            >least 1000
            >list management how-to's on the web, and not a one would recommend you
            >do this in this way, and probably all 1000 would say _never_ manage a
            >list this way...yikes.

            No I didn't change the list address. It is not a "mail list" like this one,
            more of an "announcement list". It is not a 2-way mailing list. The
            subscribers don't send anything to it for other subscribers to see. It's
            used rarely to send announcements of event cancellations, etc. About 1000
            subscribers manually maintained. But, the users tend to start a (unrelated)
            communication with us via replying to that announcement list's "reply to"
            address since that is where they last received a message from us. And so
            their message does not go to the right person, it goes to the source address
            of the announcement and we have to sort through them and direct the message
            to where it should have gone to start with. We just want to let subscriber
            who incorrectly sends to the announcement list address to use one of the
            "correct" addresses to communicate with us, not via replying to the
            announcement list. See? FWIW, we tell them not to do it with a footer and
            header on every announcement email, but they do it anyway. I'm sure there
            is a better way, this seemed easy enough to implement. Perhaps and
            auto-reply type setup to that particular address. I looked at those and
            they looked more difficult to set up. I'd be grateful for better
            suggestions. I'll look for a better way to notify them.

            Thanks very much for the help.
          • Noel Jones
            ... The envelope sender where delivery problems are reported can be different from the From: header displayed in most email clients, which can also be
            Message 5 of 12 , Nov 30, 2009
            View Source
            • 0 Attachment
              On 11/30/2009 3:52 PM, techlist06 wrote:
              >> So, lemme get this straight. You changed the list address, but instead
              >> of just sending an email to the list addresses telling all users of the
              >> list address change, you just decided to, in essence, inform
              >> them via an
              >> NDR when they send mail to the list? There have got to be at
              >> least 1000
              >> list management how-to's on the web, and not a one would recommend you
              >> do this in this way, and probably all 1000 would say _never_ manage a
              >> list this way...yikes.
              >
              > No I didn't change the list address. It is not a "mail list" like this one,
              > more of an "announcement list". It is not a 2-way mailing list. The
              > subscribers don't send anything to it for other subscribers to see. It's
              > used rarely to send announcements of event cancellations, etc. About 1000
              > subscribers manually maintained. But, the users tend to start a (unrelated)
              > communication with us via replying to that announcement list's "reply to"
              > address since that is where they last received a message from us. And so
              > their message does not go to the right person, it goes to the source address
              > of the announcement and we have to sort through them and direct the message
              > to where it should have gone to start with. We just want to let subscriber
              > who incorrectly sends to the announcement list address to use one of the
              > "correct" addresses to communicate with us, not via replying to the
              > announcement list. See? FWIW, we tell them not to do it with a footer and
              > header on every announcement email, but they do it anyway. I'm sure there
              > is a better way, this seemed easy enough to implement. Perhaps and
              > auto-reply type setup to that particular address. I looked at those and
              > they looked more difficult to set up. I'd be grateful for better
              > suggestions. I'll look for a better way to notify them.
              >
              > Thanks very much for the help.
              >
              >
              >

              The envelope sender where delivery problems are reported can
              be different from the From: header displayed in most email
              clients, which can also be different from the Reply-To: header
              where most mail clients will send if you hit the "Reply" button.

              You mustn't block the mail list's envelope sender address; you
              must be able to receive non-delivery notifications.

              There's nothing wrong with rejecting incoming mail addressed
              to the mail list "From:" address for an announce-only list.

              In your case, it would be a nice touch to add a Reply-To:
              header that points to the human contact or help desk as a
              convenience for your recipients.

              Look at this message -- the envelope is
              "owner-postfix-users@..." the From: displayed by your mail
              client is "Noel Jones", but if you hit your reply button it
              will be addressed to "postfix-users@..." since I want replies
              to go to the list.


              -- Noel Jones
            • techlist06
              Noel: Thank you. ... I believe I understand and that was exactly what I was setting up, I think. This is what I had setup to do: The original message is
              Message 6 of 12 , Nov 30, 2009
              View Source
              • 0 Attachment
                Noel:

                Thank you.

                >The envelope sender where delivery problems are reported can
                >be different from the From: header displayed in most email
                >clients, which can also be different from the Reply-To: header
                >where most mail clients will send if you hit the "Reply" button.
                >
                >You mustn't block the mail list's envelope sender address; you
                >must be able to receive non-delivery notifications.

                >There's nothing wrong with rejecting incoming mail addressed
                >to the mail list "From:" address for an announce-only list.

                I believe I understand and that was exactly what I was setting up, I think.
                This is what I had setup to do:
                The original message is actually sent from maillist@.... The
                envelope sender as I understand it.

                I NEED to know when a announcement message bounces, because that is how I
                maintain the list manually, and remove any invalid entries. When they
                bounce, I know they are bad, or I can decide if they've had too many
                "mailbox full" replies, etc. and I then I remove the bounced address from
                the distribution list. So I have not blocked the envelope sender.

                For announcements I send, I have the "Reply to" set to a different, but
                similar address which is: maillist_noreply@... (still trying to get
                their attention to not reply to the address). This is the address I have
                blocked in my new access table.

                So, if they click on "reply" in their client, the reply message should be
                sent to maillist_noreply@.... My end accepts it (through spam
                filters), but then rejects the address with my custom reject message via my
                new access table with:
                maillist_noreply@... 550 Do not reply to this address, instead do
                this.....

                I did not add all that detail in my original post to avoid confusing my
                original question. Thanks for the detailed reply and helping me be sure I
                wasn't doing something wrong/improper.

                Best,
                Scott
              • Charles Marcus
                ... You are NOT rejecting , you are ACCEPTING, then BOUNCING, which you should never do if you can possibly help it. Reject it at smtp time. Why waste system
                Message 7 of 12 , Dec 1, 2009
                View Source
                • 0 Attachment
                  On 11/30/2009, techlist06 (techlist06@...) wrote:
                  > So, if they click on "reply" in their client, the reply message should be
                  > sent to maillist_noreply@.... My end accepts it (through spam
                  > filters), but then rejects the address with my custom reject message via my
                  > new access table with:

                  You are NOT 'rejecting', you are ACCEPTING, then BOUNCING, which you
                  should never do if you can possibly help it. Reject it at smtp time.

                  Why waste system resources scanning messages you will later bounce?
                • techlist06
                  ... I understand your point. Thank you for correcting my syntax. FWIW, this will only happen to a relatively minuscule number of inbound messages. I don t
                  Message 8 of 12 , Dec 1, 2009
                  View Source
                  • 0 Attachment
                    >You are NOT 'rejecting', you are ACCEPTING, then BOUNCING, which you
                    >should never do if you can possibly help it. Reject it at smtp time.
                    >
                    >Why waste system resources scanning messages you will later bounce?

                    I understand your point. Thank you for correcting my syntax. FWIW, this
                    will only happen to a relatively minuscule number of inbound messages. I
                    don't *think* it will take much in the way of resources. For my specific
                    purpose, this check is to deal with the occasional, but fairly regular
                    incorrect replies to the announcement list. The access map check is likely
                    to only have to deal with such an "accept, then bounce" a few times a week.
                    So I figured instead of testing thousands per day of unrelated inbound
                    messages against this access check that I know will get "hit" rarely, I
                    figured it would be better to put the check nearer the end of my UCE checks.
                    Which will cause the occasional accept then bounce.

                    Mainly I was apprehensive about moving the restriction on my main.cf. I
                    have tried to carefully select respected authorities books and one
                    particular UCE "guide" to build my main.cf. And it works very, very well
                    (thanks Ralf). Not being an expert, I don't want to accidentally break
                    anything that is there and screw it up. If you have a suggestion on where
                    to put the access map restriction in my setup, I'm all ears.

                    Thanks!
                  Your message has been successfully submitted and would be delivered to recipients shortly.