I have a small Postfix server for a few domains of my own (matched with mydestination = pcre:/etc/postfix/mydestinations). I set some non-virtual aliases:
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
In this file I defined generic aliases:
generic: someuser
And with a recipient_delimiter = - I can now use generic-something@example.com as a disposable email address. As some of these generic addresses get spammed I can discard all email according to alias:
generic-spammed: /dev/null
This works beautifully, but it means I keep accepting those emails. Instead I would like to reject them. Reading the aliases doc, it seems I should be able to do the following to reject email with "user unknown" errors:
generic-spammed: |"exit 67"
Unfortunately the emails are bounced instead of rejected, contributing to backscatter. This means they are initially accepted, with 250 OK returned to the sender, before being bounced.
This is similar to this question, except I am using local destinations, not virtual ones. I have smtpd_reject_unlisted_recipient on as the default, and I suspect my problem is due to the following sentence from the doc:
The recipient domain matches $mydestination, $inet_interfaces or $proxy_interfaces, but the recipient is not listed in $local_recipient_maps, and $local_recipient_maps is not null.
Is the problem that the recipient is listed at all? Is there a way to reject these emails instead of bouncing them?
postconf -n returns the following:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
milter_default_action = accept
milter_protocol = 2
mua_client_restrictions = permit_sasl_authenticated, reject
mua_helo_restrictions = permit
mua_sender_restrictions = permit
mydestination = pcre:/etc/postfix/mydestinations
mydomain = xavasite.net
myhostname = dent.xavasite.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 185.26.124.183 [2001:4b98:dc2:47:216:3eff:fe3f:43d3]
myorigin = /etc/mailname
non_smtpd_milters = local:/var/run/opendkim/opendkim.sock
policy-spf_time_limit = 3600s
readme_directory = no
recipient_delimiter = -
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_junk_command_limit = 1
smtpd_milters = local:/var/run/opendkim/opendkim.sock
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy-spf, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org,
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/ssl/2015/GandiStandardSSLCA2.pem
smtpd_tls_cert_file = /etc/ssl/2015/xavier.robin.name.crt
smtpd_tls_key_file = /etc/ssl/2015/xavier.robin.name.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = RC4
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
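
The following is an added illustration, not part of the original question: a simplified Python model of the two stages involved, assuming Postfix's default local_recipient_maps (the passwd database plus $alias_maps). All function names and sample data are constructed for the example; it shows that an alias piped to "exit 67" is still a listed recipient, so RCPT TO gets a 250 reply and the failure only surfaces at delivery time.

```python
import subprocess

# Constructed stand-ins for /etc/aliases and the system password database.
ALIASES = {"generic": "someuser", "generic-spammed": '|"exit 67"'}
PASSWD = {"someuser"}
RECIPIENT_DELIMITER = "-"


def lookup_keys(localpart):
    """Full local part first, then the part before the first delimiter
    (simplified: Postfix's special cases for owner-/-request are ignored)."""
    base, sep, _ext = localpart.partition(RECIPIENT_DELIMITER)
    return [localpart, base] if sep and base else [localpart]


def rcpt_to_code(localpart):
    """SMTP stage: the unlisted-recipient check only tests whether the name
    is listed; it never looks at what the alias expands to."""
    listed = any(k in PASSWD or k in ALIASES for k in lookup_keys(localpart))
    return 250 if listed else 550


def deliver(localpart):
    """Delivery stage, reached only after the 250 reply and queueing."""
    for key in lookup_keys(localpart):
        target = ALIASES.get(key, key if key in PASSWD else None)
        if target is None:
            continue
        if target == "/dev/null":
            return "discarded"
        if target.startswith("|"):
            command = target[1:].strip('"')
            status = subprocess.run(command, shell=True).returncode
            # Exit 67 (EX_NOUSER) is turned into a bounce message to the
            # envelope sender; the SMTP session has already ended.
            return "delivered" if status == 0 else f"bounced (exit {status})"
        return "delivered" if target in PASSWD else "bounced"
    return "bounced"


def handle(localpart):
    """Return (reply code at RCPT TO, final disposition or None)."""
    code = rcpt_to_code(localpart)
    return (code, deliver(localpart) if code == 250 else None)


if __name__ == "__main__":
    for name in ("generic-something", "generic-spammed", "nosuchuser"):
        print(name, handle(name))
```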