Rahmathulla KM wrote:
Dear Techies,
I am trying to implement an access control on an alias email account
called us...@domain.com <mailto:us...@domain.com>. I need to allow only
few users to send mail to this alias. I tried many of the combination
and didnt got a +ve result yet. I tried googling a lot, and found the
usage of declaring restriction classes, usage of
smtpd_recipient_restrictions etc...
After messing up a lot, i had implemented a test mail server and its
current configuration is as the following;
OS: CentOS 5.2
Postfix: 2.3.3-2
main.cf <http://main.cf>;
xinode-senders-list = check_sender_access
hash:/etc/postfix/xinode-senders, reject
users-senders-list = reject, check_sender_access
hash:/etc/postfix/users-senders
smtpd_restriction_classes = xinode-senders-list, users-senders-list
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected-recipients, reject_unauth_destination
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mydomain = domain.com <http://domain.com>
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
cat xinode-senders
# These are for various technical reasons.
double-bou...@domain.com <mailto:double-bou...@domain.com> OK
r...@domain.com <mailto:r...@domain.com> OK
mailer-dae...@domain.com <mailto:mailer-dae...@domain.com> OK
# These are the good guys.
us...@domain.com <mailto:us...@domain.com> OK
us...@domain.com <mailto:us...@domain.com> OK
us...@domain.com <mailto:us...@domain.com> OK
cat protected-recipients
mangous...@domain.com <mailto:mangous...@domain.com>
mangousers-senders-list
us...@domain.com <mailto:us...@domain.com> users-senders-list
xin...@domain.com <mailto:xin...@domain.com> xinode-senders-list
NOTE 1: currently, i dint declared mangousers-senders-list in main.cf
<http://main.cf>
NOTE 2: i tried by changing the order to put access controls, thats why
finally now its on the top of the main.cf <http://main.cf> file
I ran postmap to build the db files, restarted the postfix, watched the
logs.... and always i see all the mails are delivered smoothly. I was
not able to block even a single mail.
Is there any othe setting which is to be turned on to make this access
control work?
When i intentionally made a mistake in the smtpd_recipient_restrictions
command, and restarted postfix, i didnt see any error reported in the
maillog. I wonder why it is like that. Is there any mechanism (like
testparm for samba or self check of apache when it starts) to check our
main.cf <http://main.cf> is configured correctly.
Awaiting for your supportive hands...
Thanking all you in advance...
--
---
E-Regards,
Some notes...
Post here in plain text only; no HTML please.
Use "postconf -n" to see the settings that postfix sees.
This has saved me from grief many times.
Mail submitted via the sendmail(1) command is not subject to
smtpd_*_restrictions since it does not travel over SMTP. Such
mail is logged with "postfix/pickup" rather than "postfix/smtpd".
For more help, see
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
