02-13-2008
Cameron L. Spitzer
Re: Rejecting outside "root" and "administrator" messages

In article <3R4sj.8081$0o7.6193@newssvr13.news.prodigy.net>, Bill Gee wrote:
> Thanks for the ideas. I have put this in and it seems to work for admin and
> root accounts, but postmaster is still getting through.


postmaster is special. The smtpd table checks don't
affect it. I believe this is the code for that.
In postfix-2.4.1, src/smtpd/smtpd_check.c lines 4114-4119 or so.


    /*
     * XXX 2821: Section 3.6 requires that "postmaster" be accepted even when
     * specified without a fully qualified domain name.
     */
    if (strcasecmp(recipient, "postmaster") == 0)
        return (0);


If you want to block messages to postmaster using table lookups
under smtpd_recipient or _data _restrictions, you'll have to
comment that test out and recompile.

This feature is documented by the statement that Postfix
complies with RFC2821.

But remember client/recipient/data have
to do with position in the SMTP dialog, not with categories
of spam tests.

smtpd_client_restrictions doesn't treat postmaster specially,
because the recipient isn't yet known at that point in the dialog.

I have two sets of sender restrictions. The worst spam sources
are listed in tables under smtpd_client_restrictions.
Those are the networks so corrupt that I don't care if
I block postmaster messages from them.

(Actually I have three sets. I've got about 300 CIDRs in
Linux netfilter that aren't allowed to reach Postfix at all.
You can do this with little performance hit if you keep
them in their own table. Jump from INPUT to that table
when you see a SYN packet to port 25. But I digress.)

The rest of the known sources are listed in tables
under smtpd_recipient or _data. I get spam to postmaster
from them.




Cameron
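
The dedicated netfilter rule set mentioned in the parenthetical above (what iptables calls a user-defined chain), as an added example that is not part of the original post: a shell function that validates a CIDR list and turns it into an `iptables-restore` fragment. The chain name `SMTP_BLOCK` and the documentation-range CIDRs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the post). Chain name and CIDRs are constructed.
CHAIN=SMTP_BLOCK

# valid_cidr A.B.C.D/N: succeed only for a well-formed IPv4 CIDR.
valid_cidr() {
    case "$1" in *[!0-9./]*|*/*/*) return 1 ;; */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*.*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_rules: read CIDRs on stdin (one per line, '#' comments allowed) and
# write the fragment on stdout. Any malformed entry aborts with status 1
# and no output, so a typo never yields a half-built blocklist.
gen_rules() {
    rules=; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # drop comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')       # drop whitespace
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            rules="${rules}-A $CHAIN -s $line -j DROP
"
        else
            echo "malformed entry: $line" >&2; bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    # Only new inbound SMTP connections (SYN to port 25) walk the chain;
    # packets that match no entry fall off its end and return to INPUT.
    printf -- '-A INPUT -p tcp -m tcp --dport 25 --syn -j %s\n' "$CHAIN"
    printf '%s' "$rules"
    printf 'COMMIT\n'
}

# Constructed sample list (documentation ranges); prints the fragment.
gen_rules <<'EOF'
192.0.2.0/24        # constructed entry
198.51.100.0/25
EOF
```

Review the output before loading it, for example with `iptables-restore --noflush`, which leaves the rest of the filter table in place. Load it once; each further load appends another INPUT jump.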
