Number of address in "To:"
mmgomess
2016-06-29 13:57:00 UTC
Hi friends.

I need to limit the number of addresses in the "To:" in messages from my
server domain users.

Is it possible?

Sorry for my bad English

Thanks.

Marcelo




--
View this message in context: http://postfix.1071664.n5.nabble.com/Number-of-address-in-To-tp84617.html
Sent from the Postfix Users mailing list archive at Nabble.com.
Bill Cole
2016-07-02 03:49:46 UTC
Post by mmgomess
> Hi friends.
> I need to limit the number of addresses in the "To:" in messages from my
> server domain users.
> Is it possible?

Yes. To limit based on the message "To:" header you would need either to
use header_checks or an external content filter. Note that this does not
prevent spamming, it merely prevents a rather careless form of spamming.

It is important to understand that the "To:" header is entirely
independent of the SMTP envelope recipients after a message has been
submitted to a MTA like Postfix. To limit the number of envelope
recipients per message is also possible in Postfix, but it is generally
not very useful to do so because the sender can simply send multiple
independent copies with fewer recipients each than whatever limit you
define for Postfix.
mmgomess
2016-07-03 22:21:00 UTC
Hi Bill. Thank you for your answer.

This method via header_checks will work only in messages originated from my
domain. I do not want to affect incoming messages.

Thank you

Marcelo



Bill Cole
2016-07-04 03:17:12 UTC
Post by mmgomess
> Hi Bill. Thank you for your answer.
> This method via header_checks will work only in messages originated from my
> domain. I do not want to affect incoming messages.

Yes, but I failed to mention a detail of how you might do that in my
prior message; to do so within the same smtpd service that accepts
external mail on port 25 requires the use of a restriction class which
applies to all messages with senders in your domain.

However, in most cases it is best to require your own users to submit
mail through a separate instance of the smtpd program running as a
"submission" server on port 587. This allows you to avoid the complexity
of a restriction class in your port 25 smtpd main configuration. You may
be able to simply reject mail claiming to be from addresses in your own
domain on port 25 entirely if you offer a submission service.
mmgomess
2016-07-04 11:10:35 UTC
Bill, sorry if I'm being inconvenient, but my knowledge of Postfix is very
basic.

I understand but I do not know how to do it. Could you explain better how I do
it?

Thank you

Marcelo

P.S. Yes, I offer a submission (port 587) service.



Bill Cole
2016-07-04 22:16:36 UTC
Post by mmgomess
> Bill, sorry if I'm being inconvenient, but my knowledge of Postfix is very
> basic.
> I understand but I do not know how to do it. Could you explain better how I do
> it?
> Thank you
> Marcelo
> P.S. Yes, I offer a submission (port 587) service.

This makes it simpler. You have not posted enough details about your
configuration for me to give you a certain precise answer, but I'll try
as best I can. See the last section of the Postfix "DEBUG_README" file
regarding how to get help here most effectively.


Assuming that your postfix config directory is /etc/postfix/ and that
all of your users are able to use port 587 submission:

1. Add this line to main.cf if it is not already there:

smtpd_sasl_auth_enable = no

2. If you do not already have a "check_sender_access" clause in one of
the restriction lists (e.g. smtpd_sender_restrictions) in main.cf, add
one like this BEFORE any permit* clause in the list:

check_sender_access pcre:/etc/postfix/badsenders

And in /etc/postfix/badsenders, a line like this (using your real domain
in the left side):

/yourdomain\.example\.com$/ 550 5.7.1 Local users must use port 587 authenticated submission

NOTE: if you already have a "check_sender_access" clause that does not
follow a permit* clause, you can instead add that line (or the
equivalent in the proper syntax for hash or other table types) to the
existing map file and run 'postmap' on the map file if it is a type that
requires postmap.

3. In master.cf you have a set of lines defining your submission service
that looks something like this:

submission inet n - n - - smtpd
  -o syslog_name=postfix/submit
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

That is actually a single logical line, with the trailing indented lines
defining option arguments to the smtpd program which differ from the
configuration in main.cf. You should add a line like this:

  -o header_checks=pcre:/etc/postfix/header_checks

And in /etc/postfix/header_checks:

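# header_checks(5) actions are keywords such as REJECT; a bare "550 ..."
# reply code is only valid in access(5) tables.
/^To: [^@]*@[^@]*@[^@]*@[^@]*@[^@]*@/ REJECT 5.7.1 To: headers are limited to 4 addresses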


If you don't have pcre map support, both of the examples I've given
above would work in regexp maps also. Keep in mind that header
restrictions CANNOT restrict the number of actual recipients of a
message, since that is a function of the number of SMTP RCPT commands
that are accepted for the message, which is done before the DATA command that
initiates sending the message headers and body. Also, if you really want
to limit To: headers you may also want to limit Cc: headers. There is no
way to limit the combined content of To: and Cc: in Postfix itself,
since header_checks operates on one header line at a time and does not
remember anything about previous lines. To do multi-header checks you
would need to use a more sophisticated filtering tool like SpamAssassin.
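
Added example, not part of the thread and not Postfix code: a Python version of the multi-header count that the last reply says header_checks cannot do, run next to an emulation of the thread's per-header pattern. The function names, the limit of 4 across To: and Cc:, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Pattern from the thread's header_checks file. Postfix pcre/regexp tables
# match case-insensitively and see one unfolded header at a time.
THREAD_RULE = re.compile(r"^To: [^@]*@[^@]*@[^@]*@[^@]*@[^@]*@", re.I)
LIMIT = 4  # assumed policy: at most 4 addresses across To: and Cc:

def unfold(value):
    """Join a folded (multi-line) header value into one line."""
    return " ".join(value.split())

def header_rule_hits(msg):
    """Emulate header_checks: test every header line in isolation."""
    return [name for name, value in msg.items()
            if THREAD_RULE.search(f"{name}: {unfold(value)}")]

def count_header_recipients(msg):
    """Parse and count the addresses in all To: and Cc: headers together."""
    fields = [unfold(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    return sum(1 for _display, addr in getaddresses(fields) if addr)

def over_limit(msg, limit=LIMIT):
    return count_header_recipients(msg) > limit

# Constructed sample messages (not from the thread).
SPLIT = message_from_string(
    "From: user@yourdomain.example.com\n"
    "To: a@example.org, b@example.org, c@example.org\n"
    "Cc: d@example.net, e@example.net,\n"
    " f@example.net\n"
    "Subject: six recipients, three per header\n\nbody\n")
DISPLAY = message_from_string(
    "From: user@yourdomain.example.com\n"
    'To: "sales@corp / ops@corp / it@corp / hr@corp" <team@example.org>\n'
    "Subject: one recipient, five @ signs\n\nbody\n")

if __name__ == "__main__":
    for label, msg in (("split", SPLIT), ("display", DISPLAY)):
        print(label, header_rule_hits(msg), count_header_recipients(msg),
              over_limit(msg))
```

The first message passes the per-header pattern while carrying six header recipients; the second trips the pattern with a single recipient because the pattern counts "@" characters rather than parsed addresses.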