Problem solved using a postscreen directive.
I loosely followed the instructions from this post - https://serverfault.com/questions/919458/postfix-reject-incoming-mail-for-certain-recipients
In ./data/conf/postfix, create or edit extra.cf. I added the following directive which already exists in main.cf. It’s my understanding for a proper override, the entirety of the directive has to be added. The last line (check_recipient_access) is new.
smtpd_recipient_restrictions = check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
    permit_sasl_authenticated,
    permit_mynetworks,
    check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
    reject_invalid_helo_hostname,
    reject_unauth_destination,
    check_recipient_access hash:/opt/postfix/conf/recipient_access
In ./data/conf/postfix, create a text file named recipient_access. Contents look like this. These are the blacklisted email addresses I wanted rejected at SMTP level.
blockedemail1@domain.com 550 The email account that you tried to reach does not exist.
blockedemail2@domain.com 550 The email account that you tried to reach does not exist.
blockedemail3@domain.com 550 The email account that you tried to reach does not exist.
.
.
email@domain.com 550 The email account that you tried to reach does not exist.
Log in to postfix - docker exec -it mailcowdockerized-postfix-mailcow-1 bash, change to the /opt/postfix/conf folder and run postmap ./recipient_access
Exit and restart postfix - docker compose restart postfix-mailcow
The following postfix log entry appears for email received for the blacklisted addresses.
NOQUEUE: reject: RCPT from sonic303-1.consmr.mail.bf2.yahoo.com[74.6.131.40]: 550 5.7.1 <email@domain.com>: Recipient address rejected: The email account that you tried to reach does not exist.; from=<sender@aol.com> to=<email@domain.com> proto=ESMTP helo=<sonic303-1.consmr.mail.bf2.yahoo.com>
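
A pre-flight check for the recipient_access file before running postmap, as an added example that is not part of the original post. It flags entries that would not permanently reject, keys that are not a single full address, and keys that collide once folded to lower case (postmap's default). The sample table, the function names and the policy "every entry must be 5xx or REJECT" are assumptions made for this illustration.

```python
import re

# Constructed sample input; placeholder addresses, not taken from a real system.
SAMPLE = """\
# recipients rejected at SMTP time
blockedemail1@domain.com 550 The email account that you tried to reach does not exist.
BlockedEmail1@domain.com 550 The email account that you tried to reach does not exist.
blockedemail2@domain.com
blockedemail3@domain.com 450 The email account that you tried to reach
    does not exist.
domain.com 550 The email account that you tried to reach does not exist.
"""

FULL_ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+$")
PERMANENT = re.compile(r"^(5\d\d|REJECT)$", re.IGNORECASE)

def logical_lines(text):
    """Return [line_no, text] per logical line: skip blanks and comments,
    join lines that start with whitespace onto the previous entry."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1][1] += " " + raw.strip()
        else:
            entries.append([no, raw.strip()])
    return entries

def lint(text):
    """Return (line_no, problem) findings for a recipient blocklist table."""
    findings, seen = [], {}
    for no, line in logical_lines(text):
        fields = line.split(None, 1)
        key = fields[0].lower()  # postmap folds keys to lower case by default
        if len(fields) < 2:
            findings.append((no, "no action"))
        elif not PERMANENT.match(fields[1].split()[0]):
            findings.append((no, "not a permanent reject"))
        if not FULL_ADDRESS.match(key):
            findings.append((no, "key is not a full address"))
        if key in seen:
            findings.append((no, f"duplicate of line {seen[key]}"))
        seen.setdefault(key, no)
    return findings

if __name__ == "__main__":
    for no, problem in lint(SAMPLE):
        print(f"recipient_access:{no}: {problem}")
```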