Postfix: Restricting what users can send mail to off-site destinations
I need to restrict the domains that a user can send email to, so I'm following this manual: http://www.postfix.org/RESTRICTION_CLASS_README.html
Code:
/etc/postfix/main.cf:
Code:
postmap /etc/postfix/restricted_senders
Using this setting, user1@mydomain.net should NOT be able to send email to any email address except mydomain.net and myotherdomain.net (correct me if I'm wrong). I set up user1@mydomain.net in an email client (Outlook) and tested sending email to @yahoo.com, and the email goes through. What am I doing wrong here? |
Not necessarily anything. Outlook (so I thought) uses the destination mail address to connect to the receiving system directly. The client application has to be configured specifically to get it to use your mail server as a relay, and anytime a user objects, I think they can change it themselves. There might be a group policy on it though, but I don't use Outlook or even Windows...
|
I already set the POP3 & SMTP settings in Outlook to the MTA IP address, so the issue should be in the server, not in the client. The mail is sent properly (so it uses the MTA); it's just that the Postfix restriction isn't applied.
|
Does the SMTP sender match the listing in /etc/postfix/restricted_senders?
Are they explicitly allowed by an earlier rule? Or with 'smtpd_delay_reject = yes' are they allowed by a later rule? |
Hmm, interesting. I don't have an smtpd_delay_reject setting in main.cf, but the manual says smtpd_delay_reject (default: yes). Anyway, I explicitly put 'smtpd_delay_reject = yes' in main.cf and the result is different now.
I'm testing sending email from user1@mydomain.net to @yahoo.com, @gmail.com and @outlook.com and none received the email (yet). Here's the log in the server for the last one (to @outlook.com):
Code:
Feb 4 10:07:22 system pop3[11829]: login: [192.168.0.90] user1 plaintext User logged in |
If it is working properly I would expect the client to get rejected during the SMTP session.
You should turn on debug logging and follow each mail through the process. |
Solved!
Got busy with something else, never had a chance to post here. Thanks a lot descendant_command for the help, you were right to ask 'Are they explicitly allowed by an earlier rule?'
Here are the rules in smtpd_recipient_restrictions:
Code:
smtpd_recipient_restrictions =
Code:
smtpd_recipient_restrictions = |
Nice, thanks for posting back your solution.
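Added example, not part of the thread: a small Python model of how Postfix walks smtpd_recipient_restrictions in order, showing why a permit placed before check_sender_access lets a restricted sender through. The poster's actual before/after lists are not shown on this page; permit_mynetworks as the "earlier rule", the 192.168.0.0/24 network, the local_only class name and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data; the thread's real main.cf contents are not shown.
MYNETWORKS = ipaddress.ip_network("192.168.0.0/24")        # assumed LAN
RESTRICTED_SENDERS = {"user1@mydomain.net": "local_only"}   # restricted_senders map
LOCAL_DOMAINS = {"mydomain.net", "myotherdomain.net"}       # exact match only here

def _domain(addr):
    return addr.rsplit("@", 1)[1].lower()

def permit_mynetworks(client, sender, rcpt):
    return "PERMIT" if ipaddress.ip_address(client) in MYNETWORKS else "DUNNO"

def local_only(client, sender, rcpt):
    # Models: check_recipient_access <local domains map>, reject
    return "PERMIT" if _domain(rcpt) in LOCAL_DOMAINS else "REJECT"

CLASSES = {"local_only": local_only}

def check_sender_access(client, sender, rcpt):
    # A sender listed in the map is handed to its restriction class.
    cls = RESTRICTED_SENDERS.get(sender.lower())
    return CLASSES[cls](client, sender, rcpt) if cls else "DUNNO"

def reject_unauth_destination(client, sender, rcpt):
    return "DUNNO" if _domain(rcpt) in LOCAL_DOMAINS else "REJECT"

def evaluate(restrictions, client, sender, rcpt):
    """The first restriction returning PERMIT or REJECT decides; DUNNO moves on."""
    for restriction in restrictions:
        verdict = restriction(client, sender, rcpt)
        if verdict != "DUNNO":
            return verdict, restriction.__name__
    return "PERMIT", "end of list"  # nothing objected

# Assumed orderings: the permit comes first (restriction never consulted)
# versus the sender check first (restriction applied before any permit).
BROKEN = [permit_mynetworks, check_sender_access, reject_unauth_destination]
FIXED = [check_sender_access, permit_mynetworks, reject_unauth_destination]

if __name__ == "__main__":
    client = "192.168.0.90"  # client address seen in the thread's log line
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        for rcpt in ("someone@yahoo.com", "user2@myotherdomain.net"):
            print(label, rcpt, evaluate(rules, client, "user1@mydomain.net", rcpt))
```

The second element of each result names the restriction that made the decision, which is the same thing to look for in the Postfix debug log when a restriction appears to be ignored.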