Tony Holmes:
> > > smtpd_sender_restrictions =
> > > check_sender_access hash:/usr/local/etc/postfix/cwahi_net-allowed
> > > check_policy_service inet:216.18.117.19:10031
> > > reject
> > >
> > > /usr/local/etc/postfix/cwahi_net-allowed:
> > > root PERMIT
> >
> > As documented in the access(5) manual page, this permits mail from
> > the NETWORK that claims to have a sender of root in your domain
> > (regardless of whether or not it was sent by your super-user).
>
> This I know - firewalling prevents incoming smtp connections from
> outside and even itself.
>
> > To restrict mail via the sendmail command line, use the
> > authorized_submit_users configuration parameter. It takes a list
> > of UNIX system account names.
>
> I am looking to allow/check policy/reject. This is where I am tripping
> up - essentially want the same power as the smtpd restrictions, but for
> the command line. Ideally without having to deploy another box :)
To force sendmail command-line submissions through the SMTP server,
use this:
/etc/postfix/master.cf
pickup fifo n - n 60 1 pickup
-o content_filter=smtp:[127.0.0.1]:10025
[127.0.0.1]:10025
inet n - n - - smtpd
and remove 127.0.0.1 from mynetworks. Of course using some other
interface than 127.0.0.1 will work too, but you'd have to firewall
it.
Wietse
