On Wed, May 07, 2025 at 12:57:29PM +0530, Srinivasa Gowd S via Postfix-users 
wrote:

> 1.    Allow incoming emails from all external domains to all internal
>       users.
> 2.    Restrict outgoing emails for all users so they can only send to
>       a list of allowed domains.
> 3.    Allow specific privileged users to bypass this restriction and
>       send emails to any external domain.
> 
> smtpd_recipient_restrictions = 
>     check_recipient_access hash:/etc/postfix/recipient_access  
>     check_sender_access hash:/etc/postfix/check_sender_access  
>     permit_mynetworks 
>     permit_sasl_authenticated  
>     reject_unauth_destination 
>     check_policy_service unix:private/policyd-spf
>     permit

Well, what sort of entries do you have in the "check_sender_access"
table?

> smtpd_relay_restrictions = 
>     permit_mynetworks 
>     permit_sasl_authenticated 
>     defer_unauth_destination 
>     reject_unauth_destination

You may as well drop "defer_unauth_destination" here, because
"reject_unauth_destination" should be sufficient/safe.

> 
> However, this configuration is not working as expected, and unprivileged
> users are still able to send to unauthorized domains.

Presumably their sender addresses are not adequately restricted by the
tables in question.

-- 
    Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
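
The reply's last point can be seen in a small model of how Postfix walks a restriction list. This is an added example, not part of the thread: the table contents, addresses and the `restrict_unprivileged_senders` check are assumptions, since the poster's tables are not shown.

```python
# Model of Postfix first-match evaluation: each restriction returns OK, REJECT
# or DUNNO, and the first non-DUNNO result decides. All tables and addresses
# below are constructed; the thread does not show the real table contents.
ALLOWED_DOMAINS = {"partner.example"}   # assumed recipient_access: domain -> OK
PRIVILEGED = {"boss@corp.example"}      # assumed check_sender_access: addr -> OK
LOCAL_DOMAINS = {"corp.example"}        # assumed domains this server is final for

def domain(addr):
    return addr.rsplit("@", 1)[1].lower()

def check_recipient_access(m):
    return "OK" if domain(m["rcpt"]) in ALLOWED_DOMAINS else "DUNNO"

def check_sender_access(m):
    return "OK" if m["sender"].lower() in PRIVILEGED else "DUNNO"

def permit_mynetworks(m):
    return "OK" if m["in_mynetworks"] else "DUNNO"

def permit_sasl_authenticated(m):
    return "OK" if m["sasl"] else "DUNNO"

def reject_unauth_destination(m):
    return "DUNNO" if domain(m["rcpt"]) in LOCAL_DOMAINS else "REJECT"

def restrict_unprivileged_senders(m):
    # Hypothetical replacement: local senders who are not privileged get
    # REJECT for any recipient domain that is neither local nor allowed.
    if m["sender"].lower() in PRIVILEGED or domain(m["sender"]) not in LOCAL_DOMAINS:
        return "DUNNO"
    ok = domain(m["rcpt"]) in ALLOWED_DOMAINS | LOCAL_DOMAINS
    return "DUNNO" if ok else "REJECT"

# Order as posted; the policy service step is left out of this model.
POSTED = [check_recipient_access, check_sender_access, permit_mynetworks,
          permit_sasl_authenticated, reject_unauth_destination]
FIXED = [restrict_unprivileged_senders, permit_mynetworks,
         permit_sasl_authenticated, reject_unauth_destination]

def evaluate(restrictions, m):
    for r in restrictions:
        result = r(m)
        if result != "DUNNO":
            return result, r.__name__
    return "OK", "permit"   # the list as posted ends in "permit"

def msg(sender, rcpt, sasl=False, in_mynetworks=False):
    return {"sender": sender, "rcpt": rcpt, "sasl": sasl, "in_mynetworks": in_mynetworks}
```

With tables that only return OK for allowed cases, an unprivileged authenticated sender gets DUNNO from both lookups and is then accepted by `permit_sasl_authenticated`. In Postfix the rejecting check could be a `check_sender_access` table that maps local senders to a class defined with `smtpd_restriction_classes` and ending in `reject`; since the envelope sender is chosen by the client, sender-keyed rules also need `reject_sender_login_mismatch` with `smtpd_sender_login_maps`.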
