Wietse Venema:
> Tony Holmes:
> > > > smtpd_sender_restrictions =
> > > > check_sender_access
> > > > hash:/usr/local/etc/postfix/cwahi_net-allowed
> > > > check_policy_service inet:216.18.117.19:10031
> > > > reject
> > > >
> > > > /usr/local/etc/postfix/cwahi_net-allowed:
> > > > root PERMIT
> > >
> > > As documented in the access(5) manual page, this permits mail from
> > > the NETWORK that claims to have a sender of root in your domain
> > > (regardless of whether or not it was sent by your super-user).
> >
> > This I know - firewalling prevents incoming smtp connections from
> > outside and even itself.
> >
> > > To restrict mail via the sendmail command line, use the
> > > authorized_submit_users configuration parameter. It takes a list
> > > of UNIX system account names.
> >
> > I am looking to allow/check policy/reject. This is where I am tripping
> > up - essentially want the same power as the smtpd restrictions, but for
> > the command line. Ideally without having to deploy another box :)
>
> To force sendmail command-line submissions through the SMTP server,
> use this:
>
> /etc/postfix/master.cf
> pickup fifo n - n 60 1 pickup
> -o content_filter=smtp:[127.0.0.1]:10025
> [127.0.0.1]:10025
> inet n - n - - smtpd
>
> and remove 127.0.0.1 from mynetworks. Of course using some other
> interface than 127.0.0.1 will work too, but you'd have to firewall
> it.
Removing the 127.0.0.1 (or whatever you use) from mynetworks of course
breaks mail relay access control, so you may have to keep it.
Wietse
