Hauke Fath <dont.spam.usenet@googlemail.com> wrote:

> Is there any other (convenient) way of whitelisting recipient addresses
> on a mail relay?

Thanks for all the contributions!

It took me a few days to get on top of this; I am riding the tail of a
Covid infection, and some days are better than others.

I have tried out two approaches, and both worked fine.

The first one uses "virtusertable" entries (listing the domains in
"virtuserdomains") of the shape

user1@example.com user1@example.com
[...]
@example.com error:nouser User unknown

which lead to a configuration error, unless you limit recursion with

define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_')

(thanks, Andrzej).

The second approach uses "access" entries like

To:user1@example.com RELAY
[...]
To:example.com ERROR:550:"User unknown"

and requires invoking FEATURE(access_db) with "relaytofulladdress"
(thanks, Claus) as well as setting

FEATURE(`blocklist_recipients')

for the default block.

I ended up going with the second approach, since I had a stub
"access_db" configuration in place already to control relaying, and
didn't like the recursive mapping of "virtusertable".

The main relay had originally been set up to deliver mail locally
through "aliases" entries, but I decided to relay even local (root)
mail, which required an extra

define(`LOCAL_RELAY', `uucp-dom:uucphost')

matching (and in addition to) the mailertable entry for the domain to
get it right, even though I had emptied class {w} and set

define(`confDONT_PROBE_INTERFACES')
..

The destination machine on the far end of the uucp link then maps all
the addresses to local accounts with "virtusertable" entries.

Cheerio,
Hauke

--
Now without signature.