Receive mail from Paypal only to

jp flag

My postfix server accepts emails for 11 domains. I have email accounts on 2 of those domains. I would like to only have Paypal be able to send me emails to these accounts. So if sends me an email, I would like postfix to properly send it to /dev/null without it telling that his email was properly disposed of.

anx avatar
fr flag
How do you plan to recognize which mail is "from PayPal"? Have they stopped sending messages from **?
jp flag
@anx The only email I receive on those accounts from PayPal has a PayPal dot com domain. Then there is the junk that I don't want need to stay on the server.
fr flag

Postfix lookups may be nested, so you can first filter out the special-treatment receiving recipients, then selectively reject unexpected senders just for those.

Put a per-recipient lookup into a suitable restriction class. Typically smtpd_recipient_restrictions in `´, but if you use some form of whitelisting there you would have to think about the order, otherwise an override meant for other purposes might override the "only ACME" restriction too.

smtpd_recipient_restrictions =
 check_recipient_access pcre:/etc/postfix/access_recipient.pcre

In that lookup /etc/postfix/access_recipient.pcre, define which recipients need special treatment:

/^acme@(onedomain|otherdomain)\.example$/   smtpd_restriction_sender_acme

The create that new lookup back in

smtpd_restriction_classes =
smtpd_restriction_sender_acme =
  check_sender_access pcre:/etc/postfix/maps/access_sender_acme.pcre

In that lookup /etc/postfix/access_sender_acme.pcre, define which senders are treated normally, and what to do about the rest:

/@acme\.example$/              DUNNO
/./                            REJECT 5.7.0 Recipient is for ACME only


  1. My answer works for the non-existing unicorn company ACME Inc which promises to never send legitimate mail from envelope senders other than *@acme.example.

    This is not promised for PayPal, who instead of permanently discontinuing messages sent from their not publicly enumerated alternate domains, tell you to recognize phishing by the way that phishers might not spell out your full name. If PayPal sends you important, legitimate messages from other domains, you will not receive them.

  2. The entire solution is fairly useless if you are not also rejecting messages claiming to be from PayPal but failing to provide verifiable proof they really are. I recommend a DMARC milter set to reject failing messages.

  3. Surely you could also use DISCARD in place of DEFER or REJECT as I suggested, but that just means your setup is more annoying to diagnose should your selection criteria ever stop recognizing all the wanted mail, and additionally means you have to first receive the full mail, before recognizing it will not be delivered anyway.

jp flag
So much for me cutting the lawn tonight. Let me digest this routine and I'll post my findings.

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.