-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 2 Feb 2010, Edgar Fuß wrote:
Yes, I should rather reject them right in the MTA, but that currently takes too long to implement. Or how to reject gast* in postfix using nss authentication?
http://ixquick.com/do/metasearch.pl?query=postfix+access+map+reject
http://www.securityfocus.com/infocus/1598
"Recipient Restrictions Our last restriction is based on the message recipient (again, the address listed in the 'RCPT TO' SMTP dialog, not the 'To:' address). The recipient restrictions are similar to the sender restrictions, namely reject_known_recipient_domain, reject_non_fqdn_recipient, and check_recipient_access, and they work in the same manner. Thus, you could include the following options in addition to any you already have: smtpd_recipient_restriction = (other restrictions here) check_recipient_access maptype:mapname, reject_non_fqdn_recipient, reject_unknown_recipient_domain "
http://www.postfix.org/access.5.html
or alias the GAST-accounts to something non-existing, e.g.
gast01: "|exit 67"
http://www.postfix.org/aliases.5.html
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS2l0Dr+Vh58GPL/cAQKYBQgAg8q8lVzTIH3Hx49Ta9qXpx1o+epvBxdf tIqhfkIG1NHny6IyuExFy4rHctSiTq2/yMzXKmYLYnZGdn1NRqO4mje9HNhNcL5i t6ZLun+4iv0oWI4FVLkyykca87huSf4xqFJhUAHp5chiqc+o1zadpkRCAf5dWODv 2fcpkF9EUfVcw525JE2ooS/oNEWGZQacVu6RasyUUVf0rayMeWJ3Cr0Niq51rtAq 2uw/FUnc0tz+TYjbV3jKS+qx/kKOupBuM2np9x3ByGwUno+0s9DKBQ2AGbD8WcOK 4AinB8xGKKltpbM35zxxZPMgLDDtkuvJgjggfE9jmdebws8/SCzixw== =tjYe -----END PGP SIGNATURE-----