Would it be possible to implement (from canonical(5), virtual(5))

ADDRESS EXTENSION
     When table lookup fails, and the address localpart contains
     the optional recipient delimiter (e.g., user+foodomain),
     the search is repeated for the unextended address (e.g.
     userdomain), and the unmatched extension is propagated to
     the result of table lookup. The matching order is:
     user+foodomain, userdomain, user+foo, user, and domain.

 for access(5)?

 Problem: to foil "Rumplestiltskin" attacks, I was going to set up an
 access restriction

smtpd_recipient_restrictions =
  check_recipient_access hash:/etc/postfix/valid_rcpt
  reject

 where valid_rcpt contains a list of localparts gathered from
 aliases/yp/virtual tables.

 localpart1 OK
 localpart2 OK
 ...

 But this config rejects plussed addresses, and for now I have to use
 an ugly workaround with an additional regexp map before the reject.

 Is there a better solution? Do you think that access(5), too,
 should allow "$recipient_delimiter" delimited local-parts?

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]