El 21/04/2014 00:54 a.m., Viktor Dukhovni escribió:
On Sun, Apr 20, 2014 at 11:11:03PM -0400, Lulu Li wrote:
I have an application that uses PHPMailer, which in turn uses
/usr/sbin/sendmail installed by Postfix.
Make sure that the application does not allow users to send email
to arbitrary recipients of their choice. (No open PHP web-forms).
Implement all relevant policy in the PHP application.
The basic problem is that I wish to limit number of recipients for outgoing
mail using Postfix sendmail.
The right place for such controls is in the application invoking
sendmail(1), not in sendmail(1) itself.
As Victor've said already, the *right way* is to restrict the number
of recipients in your PHP application. But if you for some reason
can't do it, if I remember correctly, PHPMailer can be configured
to use SMTP instead of sendmail. Configure it to use SMTP, host
127.0.0.1, and you'll get the complete set of the Postfix options,
not supported by sendmail interface. Or, if you're ready to do
something more, without affect other parts of your system, that
could use SMTP connection to 127.0.0.1, then configure Postfix
to listen additionally at some other local IP, or even set up the
separate Postfix instance, listening on other IP and/or port, and
appoint your PHPMailer there, and you can configure whatever you
want without the risk to break something that depends on local
SMTP submits. Read the Postfix manuals for details.
"You can't restrict recipient count
for the mails submitted through sendmail command".
Correct.
Can someone verify, and explain why it is (or not) possible to limit number
of outgoing recipients on Postfix sendmail?
The only policy control in sendmail(1)/postdrop(1) is a list of
authorized users.
More generally, what quotas or
options can be configured with Postfix sendmail?
None, because the sendmail(1) interface (7 bit exit code) does not
give applications sufficiently fine-grained feedback or recovery
options.
The correct way to apply local submission policy is to accept all
locally submitted mail from any user authorized to send mail (all
by default) into a null-client local submission instance, and to
bounce any mail disallowed by policy at the next-hop between the
null client and the smarthost.
http://www.postfix.org/MULTI_INSTANCE_README.html
However, with PHP and the like, the policy control unquestionably
belongs in the PHP application.
