Postings by mj

prevent NDRs for sieve-forwarded emails


Here is our situation:

We have an email server at where some folks setup a sieve
redirect to other mailboxes.

Now, consider the case where a <a href="mailto: ... at randomdomain dot com"> ... at randomdomain dot com</a> sends an email to
our <a href="mailto: ... at ourdomain dot com"> ... at ourdomain dot com</a>, and it is sieve-forwarded to <a href="mailto: ... at forwarddomain dot com"> ... at forwarddomain dot com</a>.

But suppose the <a href="mailto: ... at forwarddomain dot com"> ... at forwarddomain dot com</a> mailbox no longer exists: an NDR
is generated at

why is smtpd_recipient_restrictions ignored..?

Hi all,

This postfix 2.9.6 from wheezy. I have added to

and /etc/postfix/blacklisted_domains contains just one line:

I postmapped the file and restarted postfix.


send specific NDR message for users in certain OU


The question can perhaps be made more generic like this:

Can postfix generate a *specific* NDR (or an autoreply) for accounts
that meet a specific criterium, such as:
- user account was found under OU=to-delete,CN=company...
contrary to the regular location CN=Users,CN=company...

We would like to move to-be-deleted users to this container, before
actually deleting them.

sasl auth LOGIN / PLAIN


Just a small question: we currently use posfix with sasl authentication,
and folowing many docs, we have enabled PLAIN and LOGIN authentication.

However, googling leads me to believe that LOGIN is mostly used by
Outlook Express, and that most (or all?) modern clients support the
PLAIN mechanism.

I also noticed that most failed authentication attempts are done using

Now, assuming that most of these failed authentications are simply
username/password guessing...

check_sasl_access question


I would like to only allow sasl authenticated relay for specific users,
so I have in

smtpd_relay_restrictions = permit_mynetworks, check_sasl_access

and in /etc/postfix/sasl_list:
username1 OK
username2 REJECT
username3 OK

The config works.

limit sasl usernames

Hi all,

Is there a way to limit/restrict the usernames that are allowed to use
our postfix dovecot-sasl authenticated smtp relay?

We would like only *specific* usernames to be able to use the
authenticated relay. And currently everybody with dovecot imap access
can also use the relay. Is there a way to restrict that?

A simple list of usernames would work, or more advanced: dynamically
using an ldap lookup to check group membership.

Thanks in advance for pointers/tips,