6

How can I configure Postfix to silently drop / discard mails that were sent from one of my users to an external address?

I'm already able to discard all mails to external addresses using the following transport_maps

example.com      :
*          discard:

However I want to apply this rule to one user within my Postfix server only.

Also mails addressed to external and local addresses should get deliverd to the local users only.

Why do I need this?

The company I work at thinks that an intern should not sent mails directly to the customer. So the intern would send a mail using the customers address for to and adding his supervisor into the cc. Then Postfix shoud only deliver the mail to the supervisor so that he can check and sent the mail to the customer without searching for the customers address.

Martin
  • 175

2 Answers2

7

To do what OP need, we need a check at transport level, which turn out to be simple.

  1. Add following line to /etc/postfix/main.cf

    sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport_maps

  2. Create /etc/postfix/sender_transport_maps as follow

    user@local.domain   discard

  3. Create postfix map file and restart postfix

    cd /etc/postfix
postmap sender_transport_maps
service postfix restart

This method works because postfix only use transport map for out-bound mail. In this case, instead of using a normal smtp service (smtp:), we use postfix DISCARD service.

John Siu
  • 4,765
  • This just discards all mails from that sender - but I want to discard external mails only (mails not ending with @example.com) – Martin Dec 16 '12 at 22:54
  • So you want a specific user's email to a specific address be discarded? – John Siu Dec 16 '12 at 23:02
  • Almost. I want a specific users's mails to be send to the local addresses only - external mails from this user should be discarded silently. – Martin Dec 16 '12 at 23:42
  • ok, i have to revise the answer later. I am outside now and this is soemthing you don't keep in your head, lol. – John Siu Dec 16 '12 at 23:46
  • no problem - and thank you for helping me! – Martin Dec 16 '12 at 23:51
  • @Martin Updated – John Siu Dec 17 '12 at 01:27
  • I tried this but it doesn't allow the user to send mails that contain external (to:) and local (cc:) addresses because it does reject and not discard the mail. – Martin Dec 17 '12 at 08:30
  • hmm, ok, will revise. – John Siu Dec 17 '12 at 14:02
  • I even tried to use !/example.com/i DISCARD as local_domains but this will discard the entire mail - also for local users – Martin Dec 17 '12 at 16:10
  • @Martin that will not work as it is doing the check as email arrive. We need a check when email send out. That is what I am looking for now. – John Siu Dec 17 '12 at 16:17
  • @Martin Updated and should meet exactly what you need. – John Siu Dec 17 '12 at 17:35
  • it works - you saved me ... thank you so much for not giving me up after the first try! – Martin Dec 18 '12 at 07:46
  • I follow your method by setting sender_dependent_default_transport_maps, and it works. However, if someone pretends to be a powerful user by setting "Mail from address", he can still send mail outside. –  Oct 25 '13 at 09:41
  • If I want to read the discard email, is it possible? – Kevin Nguyen Sep 19 '18 at 01:58
2

The sender_dependent_default_transport_maps didn't work at all for me. Even with smtpd -vv in master.cf to increase debug didn't help let me know why it didn't work (possibly an old postfix version).

Instead I used

smtpd_sender_restrictions = check_sender_access  pcre:/etc/postfix/sender_domains, discard

with the sender_domains file containing

/user_to_be_blocked@domain.com/  DISCARD
/@domain.com/ OK

for eg, then restart postfix (pcre files do not need to be/can't be postmap'd)

math
  • 311