-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 2 Feb 2010, Edgar Fuß wrote:
Yes, I should rather reject them right in the MTA, but that currently takes too
long to implement. Or how to reject gast* in postfix using nss authentication?
http://ixquick.com/do/metasearch.pl?query=postfix+access+map+reject
http://www.securityfocus.com/infocus/1598
"Recipient Restrictions
Our last restriction is based on the message recipient (again, the
address listed in the 'RCPT TO' SMTP dialog, not the 'To:' address). The
recipient restrictions are similar to the sender restrictions, namely
reject_known_recipient_domain, reject_non_fqdn_recipient, and
check_recipient_access, and they work in the same manner. Thus, you could
include the following options in addition to any you already have:
smtpd_recipient_restriction = (other restrictions here)
check_recipient_access maptype:mapname,
reject_non_fqdn_recipient, reject_unknown_recipient_domain
"
http://www.postfix.org/access.5.html
or alias the GAST-accounts to something non-existing, e.g.
gast01: "|exit 67"
http://www.postfix.org/aliases.5.html
Regards,
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS2l0Dr+Vh58GPL/cAQKYBQgAg8q8lVzTIH3Hx49Ta9qXpx1o+epvBxdf
tIqhfkIG1NHny6IyuExFy4rHctSiTq2/yMzXKmYLYnZGdn1NRqO4mje9HNhNcL5i
t6ZLun+4iv0oWI4FVLkyykca87huSf4xqFJhUAHp5chiqc+o1zadpkRCAf5dWODv
2fcpkF9EUfVcw525JE2ooS/oNEWGZQacVu6RasyUUVf0rayMeWJ3Cr0Niq51rtAq
2uw/FUnc0tz+TYjbV3jKS+qx/kKOupBuM2np9x3ByGwUno+0s9DKBQ2AGbD8WcOK
4AinB8xGKKltpbM35zxxZPMgLDDtkuvJgjggfE9jmdebws8/SCzixw==
=tjYe
-----END PGP SIGNATURE-----
