If you do processing based on RCPT TO
address, you are going to flood this person with spam, because it will disable any further spam checks.
Your only option is to use check_sender_access
.
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/access_sender
reject_unauth_destination,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.mailspike.net,
check_policy_service unix:postgrey/socket
Like so:
fromuser@domain.com OK
domain.com OK
fromuser@ OK
dont forget to postmap access_sender
after you create it.
Disclaimer: this answer won't work as intended when process email which had multiple recipients with both internal and external domain in it
With postfix multi instance, the solution would be trivial. Just setup transport_maps
to second instance, then do rewriting in second instance.
Without multiple instance, you need two smptd processes, two cleanup processes and access map.The idea is do filtering in access maps instead in transport_maps. When an email has external domain recipient, it transported to second smtpd daemon. Then second smtpd daemon would call second cleanup daemon. First cleanup daemon won't have canonical maps parameter, while in second cleanup daemon, we will add that parameter to do rewriting.
In main.cf, define check_recipient_access in smtpd_*_restriction. For example:
smtpd_recipient_restriction =
...
check_recipient_access hash:/etc/postfix/external-filter
...
In external-filter
file define a filtering mechanism
external.example.com FILTER smtp:[127.0.0.1]:12525
In this example we will setup second smtpd daemon listen in 127.0.0.1 port 12525.
Now, setup second smtpd and cleanup daemon in master.cf
[127.0.0.1]:12525 .... smtpd -o cleanup_service_name=cleanup_rewrite
cleanup_rewrite .... cleanup -o canonical_maps=hash:/etc/postfix/mysender_rewriting
File mysender_rewriting
would contains a sender mapping as you intended.
Best Answer
You can use transport_maps
/etc/postfix/relay_maps
/etc/aliases
/etc/postfix/recipient_canonical
Note: you must create local user no-reply