I want to deny a certain local user (testbrukar) the ability to send
e-mail to destinations outside the local domain. I have tried this:
http://www.postfix.org/RESTRICTION_CLASS_README.html
The result here is exactly the same as when I tried to deny the user _all_
sending abilities (using check_sender_access only, without any
smtpd_restriction_classes): If I telnet to port 25, access is denied to
the sender. But if the user uses pine, the e-mail is accepted
Examples from the configuration where the user "testbrukar" is allowed to
send e-mail to his own domain but not to other domains:
With pine:
Jun 21 22:34:59 ludde postfix/smtpd[15600]: connect from localhost[127.0.0.1]
Jun 21 22:34:59 ludde postfix/smtpd[15600]: 3BE72FA10:
client=localhost[127.0.0.1]
Jun 21 22:34:59 ludde postfix/cleanup[15597]: 3BE72FA10:
message-id=<[EMAIL PROTECTED]>
Jun 21 22:34:59 ludde postfix/qmgr[15594]: 3BE72FA10:
from=<[EMAIL PROTECTED]>, size=1099, nrcpt=1 (queue active)
Jun 21 22:34:59 ludde postfix/smtpd[15600]: disconnect from
localhost[127.0.0.1]Jun 21 22:34:59 ludde amavis[15549]: (15549-01) Passed
CLEAN, <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
<[EMAIL PROTECTED]>, Hits: -1.25, 2162 ms
With telnet localhost 25:
Jun 21 22:35:55 ludde postfix/smtpd[15614]: connect from
localhost[127.0.0.1]
Jun 21 22:36:16 ludde postfix/smtpd[15614]: NOQUEUE: reject: RCPT from
localhost[127.0.0.1]: 554 <[EMAIL PROTECTED]>: Sender address
rejected: Access denied; from=<[EMAIL PROTECTED]>
to=<[EMAIL PROTECTED]> proto=SMTP helo=<localhost>
postconf -n:
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
command_directory = /usr/sbin/
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /usr/doc/postfix-2.2.3/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
www.$mydomain, 127.0.0.1
mydomain = domain.tld
myhostname = ludde.domain.tld
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/doc/postfix-2.2.3/README_FILES
recipient_delimiter = +
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining,
check_sender_access hash:/etc/postfix/sender_ikkje_rbl,
reject_rbl_client cbl.abuseat.org, reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org, reject_rbl_client
combined.njabl.org, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client rbl-plus.mail-abuse.org, reject_rbl_client
relays.ordb.org, check_client_access hash:/etc/postfix/client_access
permit
smtpd_error_sleep_time = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining,
check_helo_access hash:/etc/postfix/helo_checks, permit
smtpd_recipient_restrictions = check_sender_access
hash:/etc/postfix/restricted_senders permit_mynetworks,
reject_unauth_destination, reject_non_fqdn_recipient,
check_recipient_access hash:/etc/postfix/recipient_access
check_policy_service inet:127.0.0.1:10023 permit
smtpd_restriction_classes = local_only
smtpd_sender_restrictions = reject_unknown_sender_domain,
reject_non_fqdn_sender, permit
smtpd_soft_error_limit = 1
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
------------------------------------------------------
Mailman-Users mailing list
[email protected]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
