[ale] postfix + amavis + spamassassin - Reject based on to address

Chris Ricker kaboom at gatech.edu
Wed Oct 20 01:56:35 EDT 2004


On Tue, 19 Oct 2004, Nathan J. Underwood wrote:

> I'm still googling for this (albeit poorly), but wanted to see if anyone 
> out there had an answer.  Is there a way using the setup below that I 
> can have the postfix box reject email based on the To: address (before 
> it gets to the exchange box)?
> 
> +----------+    +----------+   +-----------------------+    +----------+
> | Internet | -> | Firewall | ->| Postfix + SA + Amavis | -> | Exchange |
> +----------+    +----------+   +-----------------------+    +----------+

Yes, and it's important that you do so -- otherwise you flood innocent 
bystanders with bounces for emails they never sent.... There are actually 
RBLs which list sites which don't do end-recipient verification on their 
relay MTAs, and they're becoming more and more frequently used....

The exact details vary slightly with Exchange and Postfix versions, but what
you want to set up is a $relay_recipient_map on Postfix which lists valid
Exchange addresses.

If it's just a few addresses and they change rarely, do it by hand. If it's
a lot of addresses or they change frequently, you can configure Postfix to
directly query Exchange about recipient validity via LDAP.

Alternately, you can also write a simple Perl script which queries Exchange
over LDAP, and generates a local database on the Postfix box from the
results.  That's the approach I generally use -- in large setups it performs
better than firing up an LDAP query for each incoming email, and it means
that even when Exchange goes down you can still check recipient validity.

<http://www.postfix.org/docs.html> has links to a couple of howto's on it, 
or you can ask away here if you need more detailed information....

later,
chris
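
Added example, not part of the original post and not the poster's script: a Python sketch (rather than Perl) of the "generate a local database from the LDAP results" approach, producing lines in the `address OK` form that a Postfix recipient table uses. It assumes the LDAP search output is available as LDIF text with Exchange's `proxyAddresses` attribute; the sample LDIF, the domain `example.com` and the function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: LDIF as an LDAP search for proxyAddresses might return it.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
proxyAddresses: SMTP:alice@example.com
proxyAddresses: smtp:a.example@example.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Example;g=Alice;

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
proxyAddresses: smtp:Bob.Long.Name@exam
 ple.com
proxyAddresses:: U01UUDpib2JAZXhhbXBsZS5jb20=

dn: CN=Vendor Contact,OU=Contacts,DC=example,DC=com
proxyAddresses: SMTP:vendor@example.net
"""

ADDR_RE = re.compile(r"[^\s@]+@[^\s@]+")  # no whitespace, exactly one "@"

def smtp_addresses(ldif, relay_domains):
    """Return the sorted, lowercased SMTP addresses that belong to relay_domains."""
    # LDIF folds long values: a line starting with one space continues the previous one.
    lines = re.sub(r"\r?\n ", "", ldif).splitlines()
    found = set()
    for line in lines:
        attr, _, value = line.partition(":")
        if attr.lower() != "proxyaddresses":
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        scheme, _, addr = value.strip().partition(":")
        addr = addr.lower()
        # Skip X400 and other non-SMTP entries, malformed addresses, and
        # contacts whose address is outside the domains this relay accepts.
        if (scheme.lower() == "smtp" and ADDR_RE.fullmatch(addr)
                and addr.split("@")[1] in relay_domains):
            found.add(addr)
    return sorted(found)

def postfix_table(addresses, minimum=1):
    """Render 'address OK' lines for a Postfix lookup table."""
    # An empty or truncated export would make the relay reject valid mail,
    # so refuse to build a table from it and leave the previous one in place.
    if len(addresses) < minimum:
        raise ValueError("too few recipients; keeping the existing table")
    return "".join(f"{a} OK\n" for a in addresses)

if __name__ == "__main__":
    print(postfix_table(smtp_addresses(SAMPLE_LDIF, {"example.com"})), end="")
```

Write the output to a temporary file, compile it with `postmap`, and rename it into place so that a failed export never replaces a good table.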


