From: Israel Garcia on 17 Apr 2010 17:15

Hi
I have some apps on a debian server which use to send mail using
localhost on the same server and I want allow only email sent to this
address user@domain and reject all other. This is my main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = myserver.mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = myserver.mydomain, localhost.speedyrails.ca, , localhost
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/recipients,
    check_relay_domains,
    reject

relayhost = [lbsmtp]
smtp_host_lookup = dns,native
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = localhost
mailbox_command =
default_transport = smtp
relay_transport = smtp
smtp_host_lookup=dns,native
inet_protocols = ipv4

/etc/postfix/recipient file:

user@domain OK
\*\@\* REJECT

So, if I test sending mail using mail command or mutt rules does not
work, but, if I use telnet or nc to connect to localhost on 25/tcp
port rule works. Simple question, WHY?

How can I restrict my server to send mail TO user@domain?

NOTES:
This server only accept mails from localhost
This server send mails to a load balancer [lbsmtp]

thanks in advance

--
Regards;
Israel Garcia

From: mouss on 17 Apr 2010 18:42

Israel Garcia wrote:
> Hi
> I have some apps on a debian server which use to send mail using
> localhost on the same server and I want allow only email sent to this
> address user@domain and reject all other. This is my main.cf
>
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
> append_dot_mydomain = no
> readme_directory = no
>
> # TLS parameters
> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_use_tls=yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>
> myhostname = myserver.mydomain
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = myserver.mydomain, localhost.speedyrails.ca, , localhost
> smtpd_recipient_restrictions =
>     check_recipient_access hash:/etc/postfix/recipients,
>     check_relay_domains,
>     reject
>
> relayhost = [lbsmtp]
> smtp_host_lookup = dns,native
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = localhost
> mailbox_command =
> default_transport = smtp
> relay_transport = smtp
> smtp_host_lookup=dns,native
> inet_protocols = ipv4
>
> /etc/postfix/recipient file:
>
> user@domain OK
> \*\@\* REJECT

the last line is useless.

>
> So, if I test sending mail using mail command or mutt rules does not
> work, but, if I use telnet or nc to connect to localhost on 25/tcp
> port rule works. Simple question, WHY?

because smtpd_* parameters apply to mail received via SMTP.

>
> How can I restrict my server to send mail TO user@domain?
>

There are many ways...

[transports]
instead of using smtpd restrictions, you can use transport_maps:

user@domain   smtp:
*             error:recipient address not allowed

(note that '*' only works for transport_maps. don't use it in access maps).

[smtpd restrictions via a content filter]
you can force mail submitted via the sendmail (pickup) interface to go
through smtpd by adding
    -o content_filter=smtp:[127.0.0.1]:25

under the "pickup" service in master.cf. However:

- if you do so, you must not use the sendmail command after content
  filtering. otherwise, you'll get an infinite loop.

- mail that will be rejected will cause a bounce. you need to handle
  this. Instead of "reject", you could use HOLD to put mail on hold (and
  remove it manually using the postsuper command), or you can

> NOTES:
> This server only accept mails from localhost
> This server send mails to a load balancer [lbsmtp]
>
> thanks in advance
>

From: Ansgar Wiechers on 17 Apr 2010 18:42

On 2010-04-17 Israel Garcia wrote:
> So, if I test sending mail using mail command or mutt rules does not
> work, but, if I use telnet or nc to connect to localhost on 25/tcp
> port rule works. Simple question, WHY?

Because mutt et al. submit their mail via pickup, not via smtpd, and
smtpd_*_restrictions don't apply to pickup.

> How can I restrict my server to send mail TO user@domain?

# /etc/postfix/main.cf
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/transport
user@domain   :
*             error:destination prohibited

Regards
Ansgar Wiechers
--
"Abstractions save us time working, but they don't save us time learning."
--Joel Spolsky
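
Added example (not from either reply and not Postfix code): a simplified Python model of the transport(5) search order for an indexed table, useful for checking which recipients the two-line transport table suggested above lets through. The address user@example.com, the table contents and the sample recipients are constructed; the "+" delimiter matches recipient_delimiter in the posted main.cf.

```python
# Simplified model of Postfix transport(5) lookups for an indexed (hash:)
# table; an illustration, not Postfix code. All addresses are constructed.

TRANSPORT = {
    "user@example.com": ":",                  # ":" = default transport/next hop
    "*": "error:destination prohibited",      # wildcard, transport tables only
}

def lookup_keys(rcpt, delimiter="+"):
    """Yield lookup keys in the search order given in transport(5)."""
    local, _, domain = rcpt.lower().rpartition("@")
    yield f"{local}@{domain}"                              # user+extension@domain
    if delimiter and delimiter in local:
        yield f"{local.split(delimiter, 1)[0]}@{domain}"   # user@domain
    yield domain                                           # domain
    labels = domain.split(".")
    for i in range(1, len(labels)):                        # .parent domains
        yield "." + ".".join(labels[i:])
    yield "*"                                              # catch-all, tried last

def route(rcpt, table=TRANSPORT):
    """Return (matching key, transport:nexthop) for a recipient."""
    for key in lookup_keys(rcpt):
        if key in table:
            return key, table[key]
    return None, ":"                          # no entry: built-in defaults apply

def is_allowed(rcpt, table=TRANSPORT):
    """True unless the recipient is routed to the error transport."""
    return not route(rcpt, table)[1].startswith("error:")

if __name__ == "__main__":
    for rcpt in ("user@example.com", "user+cron@example.com",
                 "other@example.com", "root@myserver.mydomain"):
        key, result = route(rcpt)
        print(f"{rcpt:28} key={key!r:22} -> {result}")
```

The last sample shows the wildcard also catching a local address (root@myserver.mydomain), because transport table entries override local_transport as well; cron mail and bounces to local users need their own entries if they should still be delivered.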

From: Israel Garcia on 18 Apr 2010 03:30

postfix rocks!! :-)

working perfectly...

thanks mouss

regards,
Israel.

On Sun, Apr 18, 2010 at 12:42 AM, mouss <mouss(a)ml.netoyen.net> wrote:
> Israel Garcia wrote:
>> Hi
>> I have some apps on a debian server which use to send mail using
>> localhost on the same server and I want allow only email sent to this
>> address user@domain and reject all other. This is my main.cf
>>
>> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
>> biff = no
>> append_dot_mydomain = no
>> readme_directory = no
>>
>> # TLS parameters
>> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
>> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
>> smtpd_use_tls=yes
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>>
>> myhostname = myserver.mydomain
>> alias_maps = hash:/etc/aliases
>> alias_database = hash:/etc/aliases
>> myorigin = /etc/mailname
>> mydestination = myserver.mydomain, localhost.speedyrails.ca, , localhost
>> smtpd_recipient_restrictions =
>>     check_recipient_access hash:/etc/postfix/recipients,
>>     check_relay_domains,
>>     reject
>>
>> relayhost = [lbsmtp]
>> smtp_host_lookup = dns,native
>> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> mailbox_size_limit = 0
>> recipient_delimiter = +
>> inet_interfaces = localhost
>> mailbox_command =
>> default_transport = smtp
>> relay_transport = smtp
>> smtp_host_lookup=dns,native
>> inet_protocols = ipv4
>>
>> /etc/postfix/recipient file:
>>
>> user@domain  OK
>> \*\@\*  REJECT
>
> the last line is useless.
>
>>
>> So, if I test sending mail using mail command or mutt rules does not
>> work, but, if I use telnet or nc to connect to localhost on 25/tcp
>> port rule works. Simple question, WHY?
>
> because smtpd_* parameters apply to mail received via SMTP.
>
>>
>> How can I restrict my server to send mail TO user@domain?
>>
>
> There are many ways...
>
> [transports]
> instead of using smtpd restrictions, you can use transport_maps:
>
> user@domain   smtp:
> *             error:recipient address not allowed
>
> (note that '*' only works for transport_maps. don't use it in access maps).
>
> [smtpd restrictions via a content filter]
> you can force mail submitted via the sendmail (pickup) interface to go
> through smtpd by adding
>     -o content_filter=smtp:[127.0.0.1]:25
>
> under the "pickup" service in master.cf. However:
>
> - if you do so, you must not use the sendmail command after content
>   filtering. otherwise, you'll get an infinite loop.
>
> - mail that will be rejected will cause a bounce. you need to handle
>   this. Instead of "reject", you could use HOLD to put mail on hold (and
>   remove it manually using the postsuper command), or you can
>
>> NOTES:
>> This server only accept mails from localhost
>> This server send mails to a load balancer [lbsmtp]
>>
>> thanks in advance
>>
>
>

--
Regards;
Israel Garcia