My aim is to restrict a web application from sending to any domains
other than those specifically allowed. Obviously, by default postfix is
allowing me to send to all domains. However, I have not been able to
restrict - all domains are still sent to.
All emails are sent from the same email address (excerpt from maillogs -
apologies to those who dislike obfuscated domains):
logs:
#### snip ####
Jul 28 09:13:04 rt1 postfix/pickup[3465]: 57BF616180B2: uid=48 from=<apache>
Jul 28 09:13:04 rt1 postfix/cleanup[3545]: 57BF616180B2: message-id=<rt-3.8.7-14324-1280308384-91.4989-1...@mydomain.com>
Jul 28 09:13:04 rt1 postfix/qmgr[12167]: 57BF616180B2: from=<apa...@hostname.subdomain.mydomain.com>, size=1181, nrcpt=1 (queue active)
#### snip ####
I added the following lines to my main.cf to achieve my aims:
#### snip ####
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders
smtpd_restriction_classes = allowed_only
allowed_only = check_recipient_access hash:/etc/postfix/allowed_domains, reject
#### snip ####
/etc/postfix/restricted_senders:
####
apa...@hostname.subdomain.mydomain.com allowed_only
####
/etc/postfix/allowed_domains:
####
mydomain.com OK
mydomain.co.uk OK
mydomain.net OK
####
postconf -n:
########
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders
smtpd_restriction_classes = allowed_only
unknown_local_recipient_reject_code = 550
########
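
An added example, not part of the original post: Postfix evaluates `smtpd_*_restrictions` only for mail received by smtpd(8), while the log excerpt above shows the message entering through pickup(8), that is, local submission via the sendmail command. The script below groups log lines by queue ID and reports which messages entered without passing through smtpd; the function names and the smtpd sample line are constructed for illustration.

```python
import re
from collections import OrderedDict

# Postfix syslog line: "<date> <host> postfix/<daemon>[pid]: <QUEUEID>: <detail>"
LINE_RE = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<detail>.*)"
)

# Daemons through which a message enters the queue, mapped to whether
# smtpd_*_restrictions are evaluated on that path (only smtpd(8) does so).
ENTRY_DAEMONS = {"pickup": False, "smtpd": True}


def entry_points(lines):
    """Map each queue ID to (entry daemon, smtpd restrictions evaluated?)."""
    seen = OrderedDict()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["qid"] in seen:
            continue  # no queue ID (e.g. NOQUEUE rejects) or already classified
        daemon = m["daemon"]
        if daemon in ENTRY_DAEMONS:
            seen[m["qid"]] = (daemon, ENTRY_DAEMONS[daemon])
    return seen


def unrestricted(lines):
    """Queue IDs accepted without passing through smtpd(8)."""
    return [q for q, (_, checked) in entry_points(lines).items() if not checked]


SAMPLE = [
    # From the post's log excerpt (wrapped lines rejoined).
    "Jul 28 09:13:04 rt1 postfix/pickup[3465]: 57BF616180B2: uid=48 from=<apache>",
    "Jul 28 09:13:04 rt1 postfix/cleanup[3545]: 57BF616180B2: "
    "message-id=<rt-3.8.7-14324-1280308384-91.4989-1...@mydomain.com>",
    # Constructed line: the same host receiving a message over SMTP.
    "Jul 28 09:14:10 rt1 postfix/smtpd[3600]: 6A1C216180B3: client=localhost[127.0.0.1]",
]

if __name__ == "__main__":
    for qid, (daemon, checked) in entry_points(SAMPLE).items():
        state = "evaluated" if checked else "NOT evaluated"
        print(f"{qid}: entered via {daemon}; smtpd restrictions {state}")
```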