On 4/5/2010 2:48 PM, Dan Farrell wrote:
Hi List! Hail, Postfix Gurus!
I'm having problems using smtpd_recipient_restrictions with
check_recipient_access.
My goal is to send mail from this machine only to email addresses I
specify. All other mail should be rejected, including mail from
localhost. (It's a development server used for testing websites,
and some of those websites have bulk mailing features so it's
important only developers and admins get the email). The machine only
delivers mail from local sources and needn't receive any mail at all.
I've managed to configure postfix to reject mail that I try to send
from the local machine with telnet[1]:
However PHP's mail() function still sends. I think php's mail() uses
sendmail; I noticed that I can also send to unauthorized recipients
with postfix's sendmail program[2].
My question is this: how do I reject recipients when I send mail
through postfix's sendmail, or through PHP?
I've attached main.cf and relay_recipients as well. I'm trying to use
relay_recipients as an access table for check_recipient_access as well
as the relay_recipients table. Is that OK?
It seems as though my telnet connections are triggering
reject_unauth_destination, because of the failed lookup in
relay_domains and/or relay_recipient_maps. Perhaps these lookups don't
apply in the case of sendmail submissions, which are "even more local"
than localhost:25 connections?
I am clearly missing the magic words that impose recipient restrictions
on sendmail submissions just as my current config does for localhost:25
submissions. I thought chech_recipient_access seemed perfect, but it's
inclusion in smtpd_recipient_restrictions seems to have had no affect.
Thank you very much for your help. I truly appreciate it.
Exhibits:
[1] telnet transcript
[r...@dev ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 dev.srv.inetglobal.com ESMTP Postfix (2.6.5)
helo localhost
250 dev.srv.inetglobal.com
mail from: d...@localhost
250 2.1.0 Ok
rcpt to: d...@spore.ath.cx
554 5.7.1<d...@spore.ath.cx>: Relay access denied
rcpt to: d...@danf.us
550 5.1.1<d...@danf.us>: Recipient address rejected: User unknown in
relay recipient table quit
221 2.0.0 Bye
Connection closed by foreign host.
[2] sendmail transcript
[r...@dev ~]# sendmail d...@danf.us
Hi Dan!
.<the mail can be found in d...@danf.us inbox>
Perhaps surprisingly, postfix smtpd_*_restrictions only apply
to mail submitted via SMTP. The sendmail(1) command does not
submit mail via SMTP.
One way to limit delivery for testing is to set
"default_transport = error:" and then list valid recipients in
transport_maps pointing to the smtp: or local: transport as
appropriate.
-- Noel Jones
