Hello,
Following this idea, I would put
mua_recipient_restrictions = permit_sasl_authenticated,
    check_sender_access
    btree:/etc/postfix/restricted_senders,
    reject
in main.cf
and instead in master.cf
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_tls_security_level=may
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=$mua_recipient_restrictions
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
Without the
smtpd_sender_restrictions = check_sender_access
    btree:$meta_directory/restricted_senders
in main.cf sending is again possible and doesn't work as intended.
you need check_sender_access before permit_sasl_authenticated
- otherwise all authenticated users are permitted to send mail to protected
addresses.
check, makes total sense. Did it. Works.
Or am I misunderstanding things/how it should work?
the "smtpd_sender_restrictions" and other options defined in main.cf apply for all smtpd processes,
including "smtp" service on port 22 and "submission" service.
Those:
"-o smtpd_client_restrictions=..." and "-o smtpd_recipient_restrictions="
override settings from main.cf for particular service in master.cf
To use the same smtpd_recipient_restrictions for all smtp clients (remote
servers or clients) you can put single restrictions into main.cf.
Got it. Thanks for clarifying!
To get back to your first problem, looking at your mail:
https://marc.info/?l=postfix-users&m=173083738628897&w=2
I still don't know why it did not work. You have already said you only have
your servers in $mynetworks. Did you have smtpd_recipient_restrictions
overridden in master.cf?
No, no overrides regarding the regular smtpd in master.cf. Only for submission
as in one of the mails shown/above.
- If so, you can comment out those lines, I for example only override
smtpd_client_restrictions, smtpd_helo_restrictions and smtpd_relay_restrictions
in master.cf:
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
# -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
- if not, what did your logs say?
Nov 6 10:04:15 theater postfix/submission/smtpd[1021573]: fatal: unexpected command-line argument: btree:/etc/postfix/restricted_senders,reject
Nov 6 10:04:16 theater postfix/master[1021565]: warning: process /usr/lib/postfix/smtpd pid 1021573 exit status 1
Nov 6 10:04:16 theater postfix/master[1021565]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Maybe the btree: directive in the master.cf statement is the cause?
Florian
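
Added example, not part of the original message or of Postfix: master(5) says a short-form "-o name=value" in master.cf must not contain whitespace, because the text after the blank is passed to the daemon as a separate argument, which is what the "unexpected command-line argument" line in the log above reports. The checker below finds such stray arguments; the master.cf sample is constructed, and the names stray_arguments and logical_lines are hypothetical.

```python
import re

# Constructed sample: the second -o value contains a blank, so the text after
# it reaches smtpd as a separate command-line argument.
SAMPLE_MASTER_CF = """\
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,check_sender_access btree:/etc/postfix/restricted_senders,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtp inet n - y - - smtpd
  -o { smtpd_sender_restrictions = check_sender_access btree:/etc/postfix/restricted_senders }
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace); skip comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

# A token is a {...} group (long form, Postfix >= 3.0) or a run of non-blanks.
TOKEN = re.compile(r"\{[^}]*\}|\S+")

def stray_arguments(text):
    """Return (service, argument) pairs that are neither a switch nor an -o value."""
    findings = []
    for line in logical_lines(text):
        tokens = TOKEN.findall(line)
        service, args = tokens[0], tokens[8:]  # 7 fields + command, then arguments
        i = 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args):
                i += 2                         # -o consumes exactly one token
            elif args[i].startswith("-"):
                i += 1                         # assumed: switch without a value, e.g. -v
            else:
                findings.append((service, args[i]))
                i += 1
    return findings

if __name__ == "__main__":
    for service, arg in stray_arguments(SAMPLE_MASTER_CF):
        print(f"{service}: stray argument {arg!r}")
```

The brace form on the smtp service passes because the whole group is one token; replacing the blank with a comma, or keeping the value in main.cf and referencing it as $name, clears the finding as well.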