On 04/06/2011 16:25, Kendrick wrote:
> On 06/04/2011 05:06 AM, mouss wrote:
>> Using check_*_access before reject_unauth_destination is discouraged. it
>> may (accidentally) lead to open relay should "someone" add an entry that
>> returns OK.
>>
>> better use:
>>
>> smtpd_recipient_restrictions =
>>     permit_sasl_authenticated
>>     permit_mynetworks
>>     reject_unauth_destination
>>     check_sender_access hash:/etc/postfix/access_sender
>>
>> == access_sender:
>> techsoft3d.com      REJECT
>> .techsoft3d.com      REJECT
>>
> That makes sense now that I see an example.  Lists of options like the
> documentation tend to just confuse me.
>> Note to OP: this rejects mail with a sender in your domain unless it
>> comes from mynetworks or is authenticated (SASL).
>>
>> a better setup is to separate inbound mail service (MX) and submission
>> service (MSA), for example by using port 587 for submission. then you
>> wouldn't need to create an exception ("reject unless").
>>
>> he could start with
>> http://www.postfix.org/SMTPD_ACCESS_README.html
>> http://www.postfix.org/RESTRICTION_CLASS_README.html
>>
> If i understand this right.  for the mx side I could put
> 
> smtpd_recipient_restrictions =
>     permit_sasl_authenticated
> 

No.
- the default in all smtpd_*_restrictions is OK
- open relay is checked in smtpd_recipient_restrictions

so the latter should have a reject_something. in general:
reject_unauth_destination (which rejects open relay).

> or should it be
> 
> smtpd_sender_restrictions =
>     check_sender_access hash:/etc/postfix/access_sender
> 
> == access_sender:
> techsoft3d.com      REJECT
> .techsoft3d.com      REJECT
> 
>     
> and on the internal side it would accept all with no restrictions?

yes if you have an "internal side". do you?     

> 
> the way the documentation is worded it confuses me which one would apply
> here. does smtpd_sender... = out going mail or the from: box?

the way you word it confuses me:)

all smtpd checks apply to the SMTP commands such as HELO/EHLO, MAIL
FROM, RCPT TO. smtpd checks do not apply to headers (Subject:, Date:
From:, To:, Cc:, ... etc).

you need to understand how smtp works. smtp is a transport protocol
that is used to convey messages. smtp has commands: HELO/EHLO, MAIL
FROM, RCPT TO, DATA, QUIT, ... etc. the messages it conveys have headers
(such as Received, Date, Subject, From, To, Cc, ... etc) and a body
(which may itself contain multiple MIME parts, sometimes called
attachments).
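
The ordering point made in this message (first decision wins, the default is OK, and relay is only blocked by reject_unauth_destination) as a simplified model. This is an added example, not part of the original post and not Postfix code; the function names, client addresses and the example.net/example.com entries are constructed for illustration.

```python
# Simplified model (not Postfix code) of smtpd_recipient_restrictions evaluation:
# restrictions run in order, the first OK or REJECT decides, and reaching the
# end of the list means OK.
MY_DOMAINS = {"techsoft3d.com"}   # domain this server accepts mail for (from the thread)
MYNETWORKS = {"192.0.2.10"}       # constructed trusted client address

def lookup_access(table, sender):
    """Look up the envelope sender's domain, then its '.parent' forms."""
    domain = sender.rsplit("@", 1)[-1].lower()
    labels = domain.split(".")
    keys = [domain] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((table[k] for k in keys if k in table), None)

def evaluate(restrictions, client_ip, sasl_user, mail_from, rcpt_to, table):
    """Return 'OK' or 'REJECT' for one RCPT TO command."""
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    for name in restrictions:
        if name == "permit_sasl_authenticated" and sasl_user:
            return "OK"
        if name == "permit_mynetworks" and client_ip in MYNETWORKS:
            return "OK"
        if name == "reject_unauth_destination" and rcpt_domain not in MY_DOMAINS:
            return "REJECT"
        if name == "check_sender_access":
            action = lookup_access(table, mail_from)
            if action in ("OK", "REJECT"):
                return action
    return "OK"  # the default when nothing in the list decided

RECOMMENDED = ["permit_sasl_authenticated", "permit_mynetworks",
               "reject_unauth_destination", "check_sender_access"]
DISCOURAGED = ["permit_sasl_authenticated", "permit_mynetworks",
               "check_sender_access", "reject_unauth_destination"]
SASL_ONLY = ["permit_sasl_authenticated"]

ACCESS_SENDER = {"techsoft3d.com": "REJECT", ".techsoft3d.com": "REJECT"}
# Constructed: the same table after "someone" adds an entry that returns OK.
ACCESS_WITH_OK = dict(ACCESS_SENDER, **{"example.net": "OK"})

def relay_attempt(restrictions, table):
    """Unauthenticated outside client asking to relay to a foreign domain."""
    return evaluate(restrictions, "203.0.113.5", None,
                    "someone@example.net", "user@example.com", table)

if __name__ == "__main__":
    print("recommended:", relay_attempt(RECOMMENDED, ACCESS_WITH_OK))
    print("discouraged:", relay_attempt(DISCOURAGED, ACCESS_WITH_OK))
    print("sasl only:  ", relay_attempt(SASL_ONLY, ACCESS_SENDER))
```

The model matches on the envelope sender (MAIL FROM) and recipient (RCPT TO) only, never on the From: or To: headers.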
