How to Implement Custom SMTP Reject Messages for Specific Email Addresses in Postfix 2.7.0


4 views

Many web applications use noreply@domain.com as their sender address to avoid receiving replies. However, users often ignore this and reply anyway. Instead of silently dropping these messages, we can configure Postfix to send a helpful rejection notice while maintaining normal behavior for other invalid addresses.

We'll use Postfix's check_recipient_access feature combined with a custom restriction class. First, create a new access map file:

sudo nano /etc/postfix/recipient_access

Add your specific address with a custom reject message:

noreply@yourdomain.com   REJECT Please don't reply to this address. Your message was not delivered.
@subdomain.yourdomain.com  REJECT Messages to this subdomain are not accepted.

Postfix requires hash-formatted maps. Run:

sudo postmap /etc/postfix/recipient_access

Edit your main.cf file:

sudo nano /etc/postfix/main.cf

Add or modify these lines:

smtpd_recipient_restrictions =
    ...
    check_recipient_access hash:/etc/postfix/recipient_access
    ...

For more control, you can specify SMTP error codes:

noreply@yourdomain.com   REJECT 550 5.7.1 "Custom message: Replies to this address are not monitored"

After reloading Postfix (sudo postfix reload), test with:

telnet localhost 25
MAIL FROM:<test@example.com>
RCPT TO:<noreply@yourdomain.com>

You should receive your custom rejection message immediately.

The hash map lookup adds minimal overhead. For high-volume servers, consider:

  • Keeping the map file small
  • Using separate maps for different domains
  • Placing this check after basic validity checks in smtpd_recipient_restrictions

For more complex scenarios, consider writing a Postfix policy daemon in Python or C that can:

def check_policy(sender, recipient):
    if recipient == "noreply@domain.com":
        return "REJECT 550 No replies accepted"
    return "DUNNO"

When implementing a no-reply address for automated system emails, we often face this dilemma: we want to reject replies to noreply@domain.com with a helpful message, while maintaining Postfix's default behavior for other invalid addresses. Here's how to implement this properly in Postfix 2.7.0.

The most elegant solution involves creating a custom access map for recipient validation. Create a new file for your access rules:

sudo nano /etc/postfix/recipient_access

Add your rejection rules (replace with your actual domain):

noreply@yourdomain.com   REJECT 550 This is an unmonitored mailbox. Please use our support form at support.yourdomain.com
no-reply@yourdomain.com  REJECT 550 This is an unmonitored mailbox. Please use our support form at support.yourdomain.com

After creating the access file, compile it to Postfix's database format and update your main.cf:

sudo postmap /etc/postfix/recipient_access

Then add this to your main.cf:

smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/recipient_access,
    reject_unauth_destination,
    [your other restrictions here...]

Always verify your changes:

sudo postfix reload
sudo tail -f /var/log/mail.log

Then send a test email to noreply@yourdomain.com from an external account. You should receive your custom rejection message immediately.

For more complex scenarios, you might want to:

  • Use regular expressions in your access map for pattern matching
  • Implement different messages for different no-reply aliases
  • Combine this with SRS (Sender Rewriting Scheme) if you're forwarding mail

This solution adds minimal overhead since:

  1. The recipient_access map is hashed for fast lookup
  2. It only processes the map once per recipient check
  3. The map is small in most implementations