On Wed, Apr 04, 2012 at 03:57:00PM -0400, Eric Kimminau wrote:
> My goal is to limit outbound email to only three domains. All other email
> destined for any other domain should be redirected to a single, valid
> internal mail box.
I take it these are *destination* (recipient) domains, not *origin*
(sender) domains.
> It isn't working. Email to addresses outside this domain are still being
> delivered.
Of course not, your configuration is trying to filter sender domains:
> /etc/postfix/access:
> domain1.com OK
> domain2.com OK
> domain3.com OK
> . REDIRECT valid@email.address
Fortunately, the "." pseudo-domain is not one of the Postfix address
lookup keys, so your access list is a noop.
> # Sender restrictions:
> smtpd_sender_restrictions =
> reject_non_fqdn_sender
> reject_unknown_sender_domain
> check_recipient_access hash:/etc/postfix/access
> permit_auth_destination
> reject
>
> # Recipient restrictions:
> smtpd_recipient_restrictions =
> reject_unauth_destination
> check_sender_access hash:/etc/postfix/access
This would be a big problem if the table worked as intended.
> reject_invalid_hostname
> reject_non_fqdn_sender
> reject_non_fqdn_hostname
> reject_unknown_sender_domain
> reject_unauth_pipelining
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> permit_mynetworks
> reject
Since this host accepts mail only from machines in mynetworks,
it is simpler to just add the desired domains to
relay_domains = domain1.com, ...
And set:
default_transport = error:5.1.2 Destination unreachable
You'll need that anyway, since "reject_unauth_destination" at the
top of the recipient restrictions would otherwise deny traffic
to these domains.
Your configuration shos signs of being slapped together through
multiple rounds of unsuccessful experimentation. I strongly
suggest you take the time to understand address classes and
access controls and deploy something much simpler.
--
Viktor.
