(already sent this, but had a problem on the first attempt, am not
sure If I sent it successfully)
I have a postfix server and I want to restrict some users to send only
to domain I want to allow. I already accomplished the restriction of
who can send to some local users, what I have not is to restrict them
to send outside my domain and allow only to defined external
destination. my config below:
#----Part of main.cf--------------------------------------------------#
#
smtpd_restriction_classes = from_allowed_sender_to_local,
allowed_domains_from_local
from_allowed_sender_to_local = check_sender_access
hash:/etc/postfix/allowed_domains, reject
allowed_domains_from_local = check_recipient_access
hash:/etc/postfix/allowed_domains, reject
###
smtpd_client_restrictions =
# check_client_access hash:/etc/postfix/restricted_local_clients
# check_sender_access hash:/etc/postfix/sender_access
permit_mynetworks
permit_sasl_authenticated
reject_rbl_client bl.spamcop.net
reject_rbl_client pbl.spamhaus.org
reject_rbl_client sbl.spamhaus.org
#
smtpd_helo_required = yes
#
#
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
#
#
smtpd_sender_restrictions =
reject_unknown_sender_domain
reject_non_fqdn_sender
permit_sasl_authenticated
permit_mynetworks
check_sender_access hash:/etc/postfix/sender_access
#
#
####Recipient restriction now working############
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/restricted_local_destinations
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unknown_recipient_domain
reject_non_fqdn_recipient
reject_unauth_destination
reject_rbl_client sbl.spamhaus.org
reject_rbl_client pbl.spamhaus.org
reject_rbl_client bl.spamcop.net
#
#
smtpd_etrn_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject
#
transport_maps = hash:/etc/postfix/transport
data_directory = /var/lib/postfix
#Amavis
content_filter = smtp-amavis:[127.0.0.1]:10024
#
#
#-----------------------end of main.cf----------------------------------------#
#------------/etc/postfix/restricted_local_destinations------------#
#list of users that can received only mail from allowed domains
#not listed here may receive from anyone
user1@ from_allowed_sender_to_local
#-------------------------------------------------------------------------------------#
#-----------------/etc/postfix/allowed_domains-------------------------#
#you may insert here the list of domains or email add that local users
should be able to receive from
mycompanydomain.com OK
myexternalem...@yahoo.com OK
#--------------------------------------------------------------------------------------#
On the config above, the system now rejects emails from those not
listed at /etc/postfix/allowed_domains for users listed at
/etc/postfix/restricted_local_destinations. For those users not listed
at /etc/postfix/restricted_local_destinations, they can receive from
any legit email.
Sorry, Im confused now, hope some one can help, what I want now is
those listed at /etc/postfix/restricted_local_destinations can only
send email to those listed at /etc/postfix/allowed_domains. Not listed
here, should be rejected with message access denied.
really appreciate your help list.
thanks in advance.
