On 2013-06-20 Thu 04:52 AM |, Stan Hoeppner wrote:
> 
> >> smtpd_recipient_restrictions
> 
> Note this is an smtpd restriction.
> >>     ...
> >>     check_recipient_access hash:/etc/postfix/reject-local-system
> >>     ...
> Thus this only applies to mail arriving via smtpd, not pickup, not pipe,
> etc.
> 

Ahhh, yes. Obvious now - thanks.

> > 
> > $ uptime | sendmail post...@example.com
> 
> Note you are injecting the mail in this test with the sendmail
> compatibility command, which does not involve the smtpd service.
> 

Yes, I simply hadn't realised that wouldn't invoke your smtpd
restriction idea. However, users have shell access with mutt,
sendmail, mail, cron,.....

> 
> I'm guessing due to your trial and error methodology here that you've
> not read the Address Rewriting document:
> 
> http://www.postfix.org/ADDRESS_REWRITING_README.html
> 
> I'd read that thoroughly before any more trial/error, paying particular
> attention to the virtual aliasing section.  It may give you a better
> understanding of this, and help eliminate guesswork.
> 

I'd read quite a lot of the READMEs and gotten a bit swamped by it all.

This set up works for a single canonical domain, accepting mail for
pretty addresses & rejecting remote mail for MOST Unix accounts, while
accepting local mail to Unix accounts:

main.cf:
myorigin = $mydomain
mydestination = localhost.$mydomain, localhost, $mydomain
canonical_maps = btree:$config_directory/canonical.map
masquerade_domains = $mydomain
remote_header_rewrite_domain = sender.domain.incomplete
alias_maps = btree:$config_directory/aliases
mail_spool_directory = /var/mail/
mailbox_transport = lmtp:unix:private/dovecot-lmtp

smtpd_recipient_restrictions =
        reject_non_fqdn_hostname
        reject_invalid_hostname
        ...
        ...
        check_recipient_access btree:$config_directory/reject_system_accounts.map
        ...


canonical.map:
jb4356          joe.blo...@example.com
jb8921          jane.blos...@example.com


aliases:
root:                   admin-acct
MAILER-DAEMON:          postmaster
# hack to accept mail for postmaster@[ip.add.ress.es]
postmaster:             postmaster
abuse:                  postmaster
bin:                    root
daemon:                 root
named:                  hostmaster
nobody:                 root
uucp:                   root
www:                    root
ftp-bugs:               root
postfix:                postmaster
manager:                root
dumper:                 root
operator:               root

joe.bloggs:             jb4356
jane.blossom:           jb8921
...
...
sales:                  acct145
support:                acct267
...
..



reject_system_accounts.map:
# Generated by: /home/postmaster/bin/postmap-reject-system-accounts (rev 1.2)
_...@example.com        reject Unknown User
_b...@example.com       reject Unknown User
_...@example.com        reject Unknown User
_d...@example.com       reject Unknown User
_dove...@example.com    reject Unknown User
_doven...@example.com   reject Unknown User
...
...
jb4...@example.com      reject Unknown User
jb8...@example.com      reject Unknown User


/etc/mutt/Muttrc:
set use_from=no

Cheers,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
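
Added example (not part of the original message, and not the postmap-reject-system-accounts script it mentions): one way to generate a table in the format of reject_system_accounts.map from passwd-style data. The function names, the KEEP list of logins that stay reachable, and the sample passwd entries are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: build a check_recipient_access source table that rejects
# SMTP mail addressed to raw Unix login names.
# Assumptions: passwd(5)-style input with 7 colon-separated fields, and a
# hypothetical space-separated KEEP list of logins that stay reachable.

# gen_reject_map DOMAIN PASSWD_FILE [KEEP_LOGINS]
gen_reject_map() {
    domain=$1 passwd=$2 keep=${3:-}
    awk -F: -v domain="$domain" -v keep="$keep" '
        BEGIN {
            n = split(keep, k, " ")
            for (i = 1; i <= n; i++) skip[k[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        NF < 7 { next }                      # malformed entry
        ($1 in skip) { next }                # login must stay deliverable
        # Skip names that are not plain logins (e.g. NIS "+" entries), so
        # nothing unexpected ends up as a lookup key.
        $1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { next }
        {
            key = tolower($1) "@" domain     # lowercase keys for the lookup
            if (!(key in seen)) {
                seen[key] = 1
                printf "%s\treject Unknown User\n", key
            }
        }
    ' "$passwd" | LC_ALL=C sort
}

# Constructed sample data (not real accounts).
sample_passwd() {
    cat <<'EOF'
# constructed passwd sample
root:*:0:0:Charlie Root:/root:/bin/ksh
_dovecot:*:518:518:Dovecot:/nonexistent:/sbin/nologin
jb4356:*:1001:1001:Joe:/home/jb4356:/bin/ksh
postmaster:*:1002:1002:Postmaster:/home/postmaster:/bin/ksh
+::::::
EOF
}
```

The output is a source table, so it still has to be compiled with postmap for the btree type used in main.cf above. As noted in the thread, the resulting restriction only affects mail arriving via smtpd, not mail submitted locally with the sendmail command.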
