Join Log in
Score:0
avatar Server

Receive mail from Paypal only to [email protected]

jp flag
Curious Sam

My postfix server accepts emails for 11 domains. I have [email protected] email accounts on 2 of those domains. I would like to only have Paypal be able to send me emails to these accounts. So if [email protected] sends me an email, I would like postfix to properly send it to /dev/null without it telling [email protected] that his email was properly disposed of.

41
0 + 0
anx avatar
fr flag
anx
How do you plan to recognize which mail is "from PayPal"? Have they stopped sending messages from *[email protected]*?
0
Reply
jp flag
Curious Sam
@anx The only email I receive on those accounts from PayPal has a PayPal dot com domain. Then there is the junk that I don't want need to stay on the server.
0
Reply
Score:0
anx avatar Server
fr flag
anx

Postfix lookups may be nested, so you can first filter out the special-treatment receiving recipients, then selectively reject unexpected senders just for those.

Put a per-recipient lookup into a suitable restriction class. Typically smtpd_recipient_restrictions in `main.cf´, but if you use some form of whitelisting there you would have to think about the order, otherwise an override meant for other purposes might override the "only ACME" restriction too.

smtpd_recipient_restrictions =
 [..]
 reject_non_fqdn_recipients
 check_recipient_access pcre:/etc/postfix/access_recipient.pcre
 [..]

In that lookup /etc/postfix/access_recipient.pcre, define which recipients need special treatment:

/^acme@(onedomain|otherdomain)\.example$/   smtpd_restriction_sender_acme

The create that new lookup back in main.cf:

smtpd_restriction_classes =
  smtpd_restriction_sender_acme
  [..]
smtpd_restriction_sender_acme =
  check_sender_access pcre:/etc/postfix/maps/access_sender_acme.pcre

In that lookup /etc/postfix/access_sender_acme.pcre, define which senders are treated normally, and what to do about the rest:

/@acme\.example$/              DUNNO
/./                            REJECT 5.7.0 Recipient is for ACME only

Cross-check:

  1. My answer works for the non-existing unicorn company ACME Inc which promises to never send legitimate mail from envelope senders other than *@acme.example.

    This is not promised for PayPal, who instead of permanently discontinuing messages sent from their not publicly enumerated alternate domains, tell you to recognize phishing by the way that phishers might not spell out your full name. If PayPal sends you important, legitimate messages from other domains, you will not receive them.

  2. The entire solution is fairly useless if you are not also rejecting messages claiming to be from PayPal but failing to provide verifiable proof they really are. I recommend a DMARC milter set to reject failing messages.

  3. Surely you could also use DISCARD in place of DEFER or REJECT as I suggested, but that just means your setup is more annoying to diagnose should your selection criteria ever stop recognizing all the wanted mail, and additionally means you have to first receive the full mail, before recognizing it will not be delivered anyway.

0 + 0
jp flag
Curious Sam
So much for me cutting the lawn tonight. Let me digest this routine and I'll post my findings.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.