From 107b973313bc36a158895de335d07958ce53f2df Mon Sep 17 00:00:00 2001
From: Mar Alegre <mar@mar.alemor.org>
Date: Mon, 27 Dec 2021 18:45:54 -0500
Subject: [PATCH] Added destination blacklisting using .deny files in aliases.d

---
 mailsrv/assets/bin/mkvirt           | 5 ++++-
 mailsrv/assets/postfix/main.cf.part | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/mailsrv/assets/bin/mkvirt b/mailsrv/assets/bin/mkvirt
index 5ffe666..f336af7 100755
--- a/mailsrv/assets/bin/mkvirt
+++ b/mailsrv/assets/bin/mkvirt
@@ -15,10 +15,13 @@ cat /vol/data/users | cut -d':' -f1 | perl -pe 's/(.*)/\1 ./' > /etc/postfix/use
 postmap /etc/postfix/users
 
 ### Aliases ###
-# copy aliases to postifx config
+# copy aliases to postfix config
 cd /etc/postfix
 cat /vol/data/aliases.d/*.list > aliases
 postmap aliases
+# copy blacklist to postfix config
+cat /vol/data/aliases.d/*.deny > deny
+postmap deny
 
 ### Reload ###
 postfix reload
diff --git a/mailsrv/assets/postfix/main.cf.part b/mailsrv/assets/postfix/main.cf.part
index eb04c96..82e6522 100644
--- a/mailsrv/assets/postfix/main.cf.part
+++ b/mailsrv/assets/postfix/main.cf.part
@@ -61,6 +61,8 @@ smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_i
 smtpd_data_restrictions = reject_unauth_pipelining
 # reject unauthorized relay attempts
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+# reject blacklisted addresses
+smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/deny, permit
 
 ### Misc ###
 # whether to send "new mail" notifications to users