From: Brian Evans (no email)
Date: Wed Apr 23 2008 - 15:15:34 EDT
Carlos Williams wrote:
> I notice that my /etc/postfix/header_checks are doing a small portion
> of filtering out w/ little false positives however when I tried to add
> an entry into /etc/postfix/header_checks for the 1st time, I ran the
> postmap /etc/postfix/header_checks command and received a strange
> output from Postfix which leads me to beleive something is wrong
> Let me start by stating what my goal was:
> I wanted to disable "all" smtp inbound and outbound traffic to my
> domain as a test. I basically don't want anyone on this email server
> to be able to send or receive email from a specific domain. I was told
> to go to "header_checks" and enter this:
> /^To: <*@carlwill.com>/ REJECT We do not send email to this domain
> /^From: <*@carlwill.com>/ REJECT We do not accept email for this domain
> I want the sender to receive notification that the message will not be
> relayed to its destination based on this rule so I did not want to use
> So before I go deeper into my issue, was this the correct thing to do
> to obtain the goal I wanted? I assume a header_check entry would
> suffice and work but you guys are the experts.
You may wish to consider check_sender_access and check_recipient_access
tables in your smtpd_sender_restrictions and
smtpd_recipient_restrictions respectively. (after
reject_unauth_destination of course)
Note: filtering by what a transaction gives you as a FROM (both envelope
and header) is highly unreliable and easily forged.
> Secondly after I added this to my "header_checks" file, I ran "postmap
> /etc/postfix/header_checks" and got a strange output which to me looks
> like Postfix does not like my header_checks file format or something
> to that nature:
> Here is what I got:
> postmap: warning: /etc/postfix/header_checks.db: duplicate entry: "/^x-mailer:"
> postmap: warning: /etc/postfix/header_checks, line 474: record is in
> "key: value" format; is this an alias file?
> header_checks = regexp:/etc/postfix/header_checks
regexp files do not get postmap run on them.. Although, you can, and
should, run postmap using the -q option to validate entries.
See `man 1 postmap`