1 files changed, 3 insertions, 1 deletions

diff --git a/roles/webmail/templates/etc/postfix/main.cf.j2 b/roles/webmail/templates/etc/postfix/main.cf.j2
index 9d535c6..f4079d6 100644
--- a/roles/webmail/templates/etc/postfix/main.cf.j2
+++ b/roles/webmail/templates/etc/postfix/main.cf.j2
@@ -58,48 +58,50 @@ smtp_data_done_timeout           = 1200s
 
 {% if 'out' in group_names %}
 smtp_tls_security_level         = none
 smtp_bind_address               = 127.0.0.1
 {% else %}
 smtp_tls_security_level         = encrypt
 smtp_tls_cert_file              = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
 smtp_tls_key_file               = /etc/postfix/ssl/{{ ansible_fqdn }}.key
 smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
 smtp_tls_policy_maps            = cdb:/etc/postfix/tls_policy
 smtp_tls_fingerprint_digest     = sha256
 {% endif %}
 smtpd_tls_security_level        = none
 
 
 strict_rfc821_envelopes = yes
 smtpd_delay_reject      = yes
 disable_vrfy_command    = yes
 
 # UCE control
-unknown_client_reject_code = 554
+unknown_client_reject_code       = 554
+unverified_recipient_reject_code = 550
 
 smtpd_client_restrictions =
     permit_mynetworks
     reject
 
 smtpd_helo_required     = yes
 smtpd_helo_restrictions =
     permit_mynetworks
     reject_non_fqdn_helo_hostname
     reject_invalid_helo_hostname
 
 smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
 
 smtpd_relay_restrictions =
     permit_mynetworks
     reject
 
 smtpd_recipient_restrictions =
     reject_non_fqdn_recipient
     reject_unknown_recipient_domain
+    reject_unverified_recipient
 
 smtpd_data_restrictions =
     reject_unauth_pipelining
 
 # vim: set filetype=pfmain :