On 1/12/2012 4:41 AM, Morten Frederik Kallesøe wrote: > Hi. > > My goal: > only allow mail to certains domains > > @a.com <http://a.com> > @b.com <http://b.com> > @c.com <http://c.com> > > everything else should bounce.
[please post in plain text only. thanks.] OK. Several problems below... > > main.cf <http://main.cf>: Please show "postconf -n" output rather than main.cf snippings. > smtpd_recipient_restrictions = > check_sender_access hash:/etc/postfix/recipient_access, > reject > cat /etc/postfix/recipient_access > a.dk <http://a.dk> OK > b.dk <http://b.dk> OK > c.dk <http://c.dk> OK If any of these are external domains, you just made yourself an open relay. Put these rules in smtpd_sender_restrictions *NOT* smtpd_recipient_restrictions. > > postmap /etc/postfix/recipient_access > postfix reload > > mails to other domains other then a.dk <http://a.dk> b.dk > <http://b.dk> c.dk <http://c.dk> still goes through. > > I have also tried to do this access control with > > main.cf <http://main.cf>: > header_checks = pcre:/etc/postfix/header_checks again, check your postconf -n output. > > cat /etc/postfix/header_checks > !/(@a\.dk|@b\.dk|@c\.dk)/ REJECT Bye > but its like the "!" part is not really working. This won't work. First, this will reject mail with ANY header that doesn't match the required pattern, rejecting all mail. Secondly, this will be unreliable since the header may not be the same as the envelope. A little better would be IF /^From:/ !/(@a\.dk|@b\.dk|@c\.dk)/ REJECT Bye ENDIF that will still be unreliable due to header vs. envelope, but at least it won't reject every message. > > postmap -q "m...@b.dk <mailto:m...@b.dk>" /etc/postfix/header_checks > dosnt return anything > postmap -q "m...@google.dk <mailto:m...@google.dk>" > /etc/postfix/header_checks returns "REJECT Bye" like it should > > but postfix dosnt really care. > > i test from bash with something like "echo hej | mail <mailaddress>" Perhaps surprisingly, smtpd_*_restrictions only work on mail submitted via SMTP, and not mail submitted on the command line. > Any pointers on where to look? If you need more help: http://www.postfix.org/DEBUG_README.html#mail The documentation: http://www.postfix.org/documentation.html -- Noel Jones
