Configuring Postfix to reject RCPT TO queries for local domain accounts involves two modification processes in an existing DDEI setup:
- Modify main.cf configuration file to accept wildcards in the recipient_access table:
- Log in to the DDEI’s CLI using root account.
-
Search for the parameter "unknown_local_recipient_reject_code" and change its value from 550 to 554:
unknown_local_recipient_reject_code = 554
- Add the "show_user_unknown_table_name" at the bottom of the main.cf file and set its value to “no”.
-
Configure smtpd_recipient_restrictions in main.cf:
smtpd_recipient_restrictions = check_recipient_access pcre:/opt/trend/ddei/postfix/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination
- Save the changes and exit out of the file.
-
Use regular expression in recipient_access file to define wildcard:
-
Query the DDEI server’s hostname:
# postconf myhostname
myhostname = ddei-158.danielvm.com -
Create the /opt/trend/ddei/postfix/etc/postfix/recipient_access using the touch command:
# cd /opt/trend/ddei/postfix/etc/postfix/
# touch recipient_access -
Modify the recipient_access file to define the wildcard using the hostname identified in Step B6. For example:
/.*@ddei-158.danielvm.com$/ REJECT Invalid Recipient
Use a space to separate “REJECT” and “Invalid Recipient” messages. - Save the changes and exit out of the file.
-
Run postmap on the recipient_access file:
# postmap /opt/trend/ddei/postfix/etc/postfix/recipient_access
-
Restart the Postfix service.
# service postfix restart
- Test via telnet email.
On a test environment using the steps above, the test results looked like this:
-