How to config internal and external email using postfix
 

Hi All

Im using postfix and dovecot installed in one machine running linux centos 5.4
and i have two lan card eth0 and eth1

the eth0 is my IP from ISP
the eth1 is my internal IP

now since my postfix and dovecot are started without any errors what i mean is
i can able to send in yahoo,gmail,etc... and also i can recieve email from outside

my question is how can i restrict this email address prinzz@prinzz.com denied for outside but can send and recieve only in internal while this prinzz2@prinzz.com is allow to send and recieve outside and inside.


please help

Thanks

look this url http://www.postfix.org/RESTRICTION_CLASS_README.html

Hi thanks for your reply

I followed the instruction the one you gave to me URL but still i can able send message externally am using this email add prinzz@tailinsubic-chatserver.com

for the /etc/postfix/restricted_senders
content: prinzz@tailinsubic-chatserver.com local_only

/etc/postfix/recipient_access
content:
prinzz@tailinsubic-chatserver.com restrictive
prinzz2@tailinsubic-chatserver.com permissive

/etc/postfix/local_domains
content: tailinsubic-chatserver.com OK




Please can someone review my main.cf

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks check_relay_domains permit_mx_backup
smtpd_restriction_classes = restrictive, permissive
restrictive = reject_unknown_sender_domain reject_unknown_client_hostname
permissive = permit
check_recipient_access = hash:/etc/postfix/recipient_access
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# email forwarder
virtual_alias_domains = tailinsubic-chatserver.com
virtual_alias_maps = hash:/etc/postfix/virtual

# Restricting Internal to External
check_sender_access = hash:/etc/postfix/restricted_senders
smtpd_restriction_classess = local_only
local_only =
check_recipient_access = hash:/etc/postfix/local_domains, reject



thanks

erase the line
restrictive = reject_unknown_sender_domain reject_unknown_client_hostname

and the line
permissive = permit

and
erase the contend of recipient_access (you don't nedeed) and restart

i hope that this help..

Thanks for your reply

I removed it but there is a problem when i tried to send email to here aries_baluyot@tailinsubic-chatserver.com still running please see attached file and also my main.cf

smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks check_relay_domains permit_mx_backup
smtpd_restriction_classes = restrictive, permissive
#restrictive = reject_unknown_sender_domain reject_unknown_client_hostname
#permissive = permit
check_recipient_access = hash:/etc/postfix/recipient_access
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# email forwarder
virtual_alias_domains = tailinsubic-chatserver.com
virtual_alias_maps = hash:/etc/postfix/virtual

# Restricting Internal to External
#smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks check_relay_domains permit_mx_backup
check_sender_access = hash:/etc/postfix/restricted_senders
smtpd_restriction_classess = local_only
local_only =
#check_recipient_access = hash:/etc/postfix/local_domains, reject

Thanks

hum...

1. in smtpd_recipient_restrictions add at the begin this words check_sender_access hash:/etc/postfix/restricted_senders

example: smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_sasl_authenticated permit_mynetworks, check_relay_domains permit_mx_backup

whit this you define that the first rule to check to decide if a mail is goning to be send is check_sender_access

2. then you have to set the local policy, smtpd_restriction_classess = local_only
local_only =
check_recipient_access = hash:/etc/postfix/local_domains, reject

erase the line smtpd_restriction_classes = restrictive, permissive yout don't nedeed


3. in local_domains you have to add the domains that postfix will recognize like your own domain


4. in the restricted_senders you have to add the accounts and the restriccion_classes tha will affect them exaple

prinzz@tailinsubic-chatserver.com local_only
the accounts that don't appear in the file (restricted_senders), will to be able to send mail to external domains because the next
policies in the line smtpd_recipient_restrictions, will be aplied to them

i hope that this help you and sorry again for my english..

Thanks for your reply

smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/recipient_access, permit_sasl_authenticated, permit_mynetworks, check_relay_domains, permit_mx_backup

i have problem with that noticed that the red color when i remove that i can able to send and recieve but if im going to place on that path
SMTP become idle or taking long time but still failed to send


anyideas


thanks

make a postmap to the files recipient_access, local_domains.


example: postmap local_domains and that will create the local_domains.db that the hash: type of file restart the postfix and check if the mails can be send.

try this and tell me if work for you, if don't restart the postfix and post the /var/log/maillog in then moment when send a mail

Hi Thanks for your reply

Im sorry for not replying immediately

i used postmap for this following restricted_senders, local_domain, recipient_access and also virtual all i mentioned postmap created db of each filename.

i checked the mail log and here is the result

Jun 1 13:27:46 tailinsubic-chatserver postfix/master[4467]: daemon started -- version 2.3.3, configuration /etc/postfix
Jun 1 13:27:50 tailinsubic-chatserver postfix/smtpd[4471]: fatal: restriction class `local_only' needs a definition
Jun 1 13:27:51 tailinsubic-chatserver postfix/master[4467]: warning: process /usr/libexec/postfix/smtpd pid 4471 exit status 1
Jun 1 13:27:51 tailinsubic-chatserver postfix/master[4467]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling


please help

thanks

Hi,

Good News

Its ok now i can able to send email local using restricted_senders

please check log below

Jun 1 14:20:16 tailinsubic-chatserver postfix/master[7827]: daemon started -- version 2.3.3, configuration /etc/postfix
Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: connect from unknown[119.92.56.77]
Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: setting up TLS connection from unknown[119.92.56.77]
Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: TLS connection established from unknown[119.92.56.77]: TLSv1 with cipher AES128-SHA (128/128 bits)
Jun 1 14:20:20 tailinsubic-chatserver postfix/trivial-rewrite[7835]: warning: do not list domain tailinsubic-chatserver.com in BOTH mydestination and virtual_alias_domains
Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: C0D2E2350085: client=unknown[119.92.56.77], sasl_method=PLAIN, sasl_username=aries_baluyot@tailinsubic-chatserver.com
Jun 1 14:20:20 tailinsubic-chatserver postfix/cleanup[7836]: C0D2E2350085: message-id=<2FE3A4E1-3DD9-4F74-937D-C9A8511F29C8@tailinsubic-chatserver.com>
Jun 1 14:20:20 tailinsubic-chatserver postfix/qmgr[7830]: C0D2E2350085: from=<aries_baluyot@tailinsubic-chatserver.com>, size=713, nrcpt=1 (queue active)
Jun 1 14:20:23 tailinsubic-chatserver postfix/smtp[7837]: C0D2E2350085: to=<r_sumook@yahoo.com>, relay=f.mx.mail.yahoo.com[98.137.54.237]:25, delay=3, delays=0.17/0.01/1.1/1.7, dsn=2.0.0, status=sent $
Jun 1 14:20:23 tailinsubic-chatserver postfix/qmgr[7830]: C0D2E2350085: removed
Jun 1 14:21:21 tailinsubic-chatserver postfix/smtpd[7831]: disconnect from unknown[119.92.56.77]
Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: connect from unknown[119.92.56.77]
Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: setting up TLS connection from unknown[119.92.56.77]
Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: TLS connection established from unknown[119.92.56.77]: TLSv1 with cipher AES128-SHA (128/128 bits)
Jun 1 14:21:45 tailinsubic-chatserver postfix/trivial-rewrite[7835]: warning: do not list domain tailinsubic-chatserver.com in BOTH mydestination and virtual_alias_domains
Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: NOQUEUE: reject: RCPT from unknown[119.92.56.77]: 554 5.7.1 <rsumook@tailinsubic-chatserver.com>: Sender address rejected: Access denied; fro$
Jun 1 14:21:46 tailinsubic-chatserver postfix/smtpd[7831]: disconnect from unknown[119.92.56.77]


thank you so much :) cheers