match from mail-from <blocked_senders> reject

That line doesn't have a for option, so "for local" is implied.

match from any for any mail-from <blocked_senders> reject

should do the trick.

However, if i use telnet/openssl s_client to connect to the server, I get an OK 
response to MAIL FROM:<> and can state RCPT TO and DATA 
any problems.

The reject (550 Invalid recipient) will happen after RCPT TO. (Earlier is only possible with a filter.) That is good and bad. The bad side is that the error message is "wrong", which makes stuff harder to debug. The good side of this behaviour is that it signals "Invalid recipient" to an adversary.


Reply via email to