Re: Restrict outgoing/submission to defined local or virtual users
Matus: why just outgoing? Are you willing to accept spam with fake from in your domain? On 07.09.17 15:13, Scott Techlist wrote: I am not willing. Inbound is already restricted and functioning properly. That said, I migrated my configs from an older version of PF so now you made me worry about *how* it is restricted. I have set at postfix level for local, virtual and relay users: local_recipient_maps = hash:/etc/postfix/local_recipient virtual_alias_maps = hash:/etc/postfix/virtual_users relay_recipient_maps = hash:/etc/postfix/relay_recipients If the email isn't in one of those, it is rejected. I *thought* it was those settings that are causing/accomplishing the inbound invalid address restricting. No? Fuzzy on this detail. I will deploy reject_unlisted_sender for outbound checking. I gather it will also consult local, virtual, and relay maps for what is "listed"? I believe you must configure reject_unlisted_sender everywhere in order to check sender address if it exists. That's why I recommended you to do it (and put it before all permit_* options). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
RE: Restrict outgoing/submission to defined local or virtual users
Matus: >why just outgoing? Are you willing to accept spam with fake from in your >domain? I am not willing. Inbound is already restricted and functioning properly. That said, I migrated my configs from an older version of PF so now you made me worry about *how* it is restricted. I have set at postfix level for local, virtual and relay users: local_recipient_maps = hash:/etc/postfix/local_recipient virtual_alias_maps = hash:/etc/postfix/virtual_users relay_recipient_maps = hash:/etc/postfix/relay_recipients If the email isn't in one of those, it is rejected. I *thought* it was those settings that are causing/accomplishing the inbound invalid address restricting. No? Fuzzy on this detail. I will deploy reject_unlisted_sender for outbound checking. I gather it will also consult local, virtual, and relay maps for what is "listed"? Thanks.
Re: Restrict outgoing/submission to defined local or virtual users
On 9/5/2017 2:48 PM, techlist06 wrote: Is it possible to restrict outgoing mail to be from one of my "valid" local or virtual aliases? And I want to restrict outbound from one address in particular. On 05.09.17 15:25, Noel Jones wrote: The easiest way would be to add -o smtpd_sender_restrictions=reject_unlisted_sender http://www.postfix.org/postconf.5.html#reject_unlisted_sender why just outgoing? Are you silling to accept spam with fake from in your domain? Simply add reject_unlisted_sender to smtpd_sender_restrictions at postfix level. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 42.7 percent of all statistics are made up on the spot.
Re: Restrict outgoing/submission to defined local or virtual users
First time I've tried the inline map type. And, I think the spaces may have been what was hosing my earlier attempts. Appreciate the pointer very much. Will give this a go. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Re: Restrict outgoing/submission to defined local or virtual users
On 9/5/2017 3:39 PM, techlist06 wrote:
> Just what I was hoping for, the easy button. Thank you.
>
> What about the one (valid) sender I want to prevent? I've got a IMAP
> account setup for spam reporting, I want to be sure no one who has access to
> it sends anything from that account.
>
>
>
>
>
>
> --
> Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
>
Use a check_sender_access map to reject that one sender. You can't
use spaces in master.cf, so do something like:
main.cf:
submission_sender_restrictions = reject_unlisted_sender,
check_sender_access inline:{ s...@example.com=REJECT }
master.cf:
...
submission ...
-o smtpd_sender_restrictions=$submission_sender_restrictions
My example uses the inline: map type, which is great for simple
tables with few elements, but any postfix map type may be used.
http://www.postfix.org/DATABASE_README.html#types
-- Noel Jones
Re: Restrict outgoing/submission to defined local or virtual users
Just what I was hoping for, the easy button. Thank you. What about the one (valid) sender I want to prevent? I've got a IMAP account setup for spam reporting, I want to be sure no one who has access to it sends anything from that account. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Re: Restrict outgoing/submission to defined local or virtual users
On 9/5/2017 2:48 PM, techlist06 wrote: > Postfix 3.2.2, Centos7. All functioning as configured. I have a few local > accounts, several virtual addresses delivered to those accounts, and some > domains relayed, the latter do not submit mail through this box. > > All local accounts send via TLS authentication on 587. Currently I don't > think I have any restrictions on what an outbound address can be. I do have > some aliases so I do not want to restrict to logon names only. > > Is it possible to restrict outgoing mail to be from one of my "valid" local > or virtual aliases? And I want to restrict outbound from one address in > particular. > > I looked here: > http://www.postfix.org/RESTRICTION_CLASS_README.html > but if the answer is there I'd be grateful for some more help, I didn't get > it. On or off-list. > > Right now my submission section of master.cf I sbelow. I tried adding > something here as -o o smtpd_sender_restrictions but didn't get that right. > > submission inetn - n - - smtpd > ## subsequent indented lines override main.cf settings. > -o content_filter= > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject > -o smtpd_sasl_type=dovecot > -o smtpd_sasl_path=private/auth > -o smtpd_sasl_security_options=noanonymous > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o syslog_name=postfix-submission > -o milter_macro_daemon_name=ORIGINATING > > Happy to provide all the configs if needed. > > > The easiest way would be to add -o smtpd_sender_restrictions=reject_unlisted_sender http://www.postfix.org/postconf.5.html#reject_unlisted_sender -- Noel Jones
Restrict outgoing/submission to defined local or virtual users
Postfix 3.2.2, Centos7. All functioning as configured. I have a few local accounts, several virtual addresses delivered to those accounts, and some domains relayed, the latter do not submit mail through this box. All local accounts send via TLS authentication on 587. Currently I don't think I have any restrictions on what an outbound address can be. I do have some aliases so I do not want to restrict to logon names only. Is it possible to restrict outgoing mail to be from one of my "valid" local or virtual aliases? And I want to restrict outbound from one address in particular. I looked here: http://www.postfix.org/RESTRICTION_CLASS_README.html but if the answer is there I'd be grateful for some more help, I didn't get it. On or off-list. Right now my submission section of master.cf I sbelow. I tried adding something here as -o o smtpd_sender_restrictions but didn't get that right. submission inetn - n - - smtpd ## subsequent indented lines override main.cf settings. -o content_filter= -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o syslog_name=postfix-submission -o milter_macro_daemon_name=ORIGINATING Happy to provide all the configs if needed.
