smtpd_recipient_restrictions = check_recipient_access & sendmail
in [Postfix]
|
Prev: Client host rejected: sender address does not match client hostname
Next: cant deliver emails to gmail - no bounced msgs either
From: Noel Jones on 5 Apr 2010 16:01 On 4/5/2010 2:48 PM, Dan Farrell wrote: > Hi List! Hail, Postfix Gurus! > > I'm having problems using smtpd_recipient_restrictions with > check_recipient_access. > > My goal is to send mail from this machine only to email addresses I > specify. All other mail should be rejected, including mail from > localhost. (It's a development server used for testing websites, > and some of those websites have bulk mailing features so it's > important only developers and admins get the email). The machine only > delivers mail from local sources and needn't receive any mail at all. > > I've managed to configure postfix to reject mail that I try to send > from the local machine with telnet[1]: > > However PHP's mail() function still sends. I think php's mail() uses > sendmail; I noticed that I can also send to unauthorized recipients > with postfix's sendmail program[2]. > > My question is this: how do I reject recipients when I send mail > through postfix's sendmail, or through PHP? > > I've attached main.cf and relay_recipients as well. I'm trying to use > relay_recipients as an access table for check_recipient_access as well > as the relay_recipients table. Is that OK? > > It seems as though my telnet connections are triggering > reject_unauth_destination, because of the failed lookup in > relay_domains and/or relay_recipient_maps. Perhaps these lookups don't > apply in the case of sendmail submissions, which are "even more local" > than localhost:25 connections? > > I am clearly missing the magic words that impose recipient restrictions > on sendmail submissions just as my current config does for localhost:25 > submissions. I thought chech_recipient_access seemed perfect, but it's > inclusion in smtpd_recipient_restrictions seems to have had no affect. > > Thank you very much for your help. I truly appreciate it. > > Exhibits: > > [1] telnet transcript > > [root(a)dev ~]# telnet localhost 25 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > 220 dev.srv.inetglobal.com ESMTP Postfix (2.6.5) > helo localhost > 250 dev.srv.inetglobal.com > mail from: dan(a)localhost > 250 2.1.0 Ok > rcpt to: dan(a)spore.ath.cx > 554 5.7.1<dan(a)spore.ath.cx>: Relay access denied > rcpt to: dan(a)danf.us > 550 5.1.1<dan(a)danf.us>: Recipient address rejected: User unknown in > relay recipient table quit > 221 2.0.0 Bye > Connection closed by foreign host. > > [2] sendmail transcript > > [root(a)dev ~]# sendmail dan(a)danf.us > Hi Dan! > .<the mail can be found in dan(a)danf.us inbox> Perhaps surprisingly, postfix smtpd_*_restrictions only apply to mail submitted via SMTP. The sendmail(1) command does not submit mail via SMTP. One way to limit delivery for testing is to set "default_transport = error:" and then list valid recipients in transport_maps pointing to the smtp: or local: transport as appropriate. -- Noel Jones |