How to use Postfix Restriction Classes to block email from one source to one destination


I couldn't find a good write-up of how to do this.  So here it is.  This is for Postfix-2.3.8 as packaged by Debian-4.0 "Etch."

I've got a Postfix forwarding alias.  It's getting spam from a source I can't just block.  (Some other users like it.)  The final destination won't take it because the envelope sender fails SMTP Callback.  I want to block mail from newsletter@example.net only if the recipient is grandma@mydomain.net.

We define a restriction class, to be applied to recipients who don't want this particular newsletter, in /etc/postfix/main.cf:

alias_maps = hash:/etc/postfix/aliases
smtpd_restriction_classes = no_newsletter
no_newsletter =
   check_sender_access hash:/etc/postfix/sender-newsletter
   check_client_access hash:/etc/postfix/access
   reject_unauth_destination
   reject_unknown_hostname
   reject_unknown_client
smtpd_recipient_restrictions = permit_mynetworks
   check_client_access hash:/etc/postfix/access
   check_recipient_access hash:/etc/postfix/recipients
   reject_unauth_destination
   reject_unknown_hostname
   reject_unknown_client
   reject_rbl_client dnsbl.njabl.org
   reject_unauth_destination
   reject_unknown_hostname
   reject_unknown_reverse_client_hostname
   reject_unknown_client

We define who the picky recipients are, in /etc/postfix/recipients:

abuse@mydomain.net         OK
longgone@mydomain.net      REJECT   longgone has moved to longgone@example.edu
grandma@mydomain.net       no_newsletter

Everybody's forwarding aliases, including the picky recipient, are defined in /etc/postfix/aliases:

abuse:                     me@mydomain.net
grandma:                   grandma@fussy-place.example.com

The map of senders only interesting to newsletter avoiders is in a new file, /etc/postfix/sender-newsletter:

newsletter@example.net     REJECT   Please fix your broken rDNS.  You're failing SMTP callback.
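
To see why only the newsletter-to-grandma pair is refused, here is an added example (not part of the original write-up and not Postfix code) that models the lookup chain in Python: the recipient map returns the class name, and the class then consults the sender map. It assumes exact full-address keys only and leaves out the class's DNS, relay and client checks; `parse_table` and `evaluate` are hypothetical names, and "continue" means evaluation moves on to the next entry in smtpd_recipient_restrictions.

```python
# Simplified model of how smtpd walks this page's access(5) tables.
# Assumptions: exact full-address keys only; the class's DNS, relay and
# client checks are left out, so only the two address maps are modelled.
RECIPIENTS = """\
abuse@mydomain.net         OK
longgone@mydomain.net      REJECT   longgone has moved to longgone@example.edu
grandma@mydomain.net       no_newsletter
"""
SENDER_NEWSLETTER = """\
newsletter@example.net     REJECT   Please fix your broken rDNS.  You're failing SMTP callback.
"""
# Restriction class name -> ordered (restriction, table) pairs from main.cf.
CLASSES = {"no_newsletter": [("check_sender_access", "sender-newsletter")]}


def parse_table(text):
    """Read 'key whitespace value' lines, as in a postmap source file."""
    table = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:  # a key left alone on its line has no action
            raise ValueError(f"line {number}: expected key and value")
        table[parts[0].lower()] = parts[1].strip()
    return table


TABLES = {"recipients": parse_table(RECIPIENTS),
          "sender-newsletter": parse_table(SENDER_NEWSLETTER)}


def evaluate(sender, recipient):
    """Decide one MAIL FROM / RCPT TO pair: reject, permit or continue."""
    action = TABLES["recipients"].get(recipient.lower(), "DUNNO")
    if action in CLASSES:  # the right-hand side names a restriction class
        class_name, action = action, "DUNNO"
        for restriction, table in CLASSES[class_name]:
            if restriction == "check_sender_access":
                action = TABLES[table].get(sender.lower(), "DUNNO")
            if action != "DUNNO":
                break
    verb = action.split()[0].upper()
    return {"REJECT": "reject", "OK": "permit"}.get(verb, "continue")


if __name__ == "__main__":
    print(evaluate("newsletter@example.net", "grandma@mydomain.net"))
```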



That's all there is to it.  The aliases file is built with Postfix's newaliases command.  The recipients and sender-newsletter files are built with postmap.  One might argue that there is no information here that couldn't be found in the RESTRICTION_CLASS_README.txt distributed in the Postfix source.  But there is a big difference between "it's there" and "it's obvious."