I am trying to utilize Postfix to restrict the sending of mail from certain users based on the MAIL FROM command. However, it doesn't appear that Postfix-2.10.2 is paying attention to my check_sender_access restrictions at all. I have it before permit_mynetworks, but the verify daemon doesn't appear to be doing any check at all on the MAIL FROM value.
How do I get postfix to be able to restrict sending mail from certain users? I would expect to see SWAKS get a rejection message as soon as the MAIL FROM command is entered.

Postfix config for recipient/sender restrictions:

    smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unverified_recipient, permit_mynetworks, reject_unauth_destination, permit
    smtpd_sender_restrictions = check_sender_access sqlite:/etc/postfix/sqlite-sender_access.cf, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit

My sqlite-sender_access.cf file:

    dbpath = /var/mail/mailusers.db
    query = SELECT 'REJECT' AS action FROM users WHERE username = '%s@' AND send_mail = 'f'

Output of SWAKS sending my mail message:

    [root@mailtest1 postfix]# swaks --to ad...@mailtestxyz.com \
        --server 127.0.0.1:2525 --li 127.0.0.1 --from supp...@mailtestxyz.com
    === Trying 127.0.0.1:2525...
    === Connected to 127.0.0.1.
    <- 220 mail.mailtestxyz.com ESMTP Postfix
    -> EHLO mylocalserver
    <- 250-mail.mailtestxyz.com
    <- 250-PIPELINING
    <- 250-SIZE 10240000
    <- 250-VRFY
    <- 250-ETRN
    <- 250-ENHANCEDSTATUSCODES
    <- 250-8BITMIME
    <- 250 DSN
    -> MAIL FROM:<supp...@mailtestxyz.com>
    <- 250 2.1.0 Ok
    -> RCPT TO:<ad...@mailtestxyz.com>
    <- 250 2.1.5 Ok
    -> DATA
    <- 354 End data with <CR><LF>.<CR><LF>
    -> Date: Thu, 29 May 2014 14:55:52 +0000
    ..... truncated .....

My log messages from the verify daemon are below:

    postfix/smtpd[1231]: connect from localhost.localdomain[127.0.0.1]
    postfix/verify[1235]: name_mask: ipv4
    postfix/verify[1235]: inet_addr_local: configured 4 IPv4 addresses
    postfix/verify[1235]: process generation: 6 (6)
    postfix/verify[1235]: set_eugid: euid 89 egid 89
    postfix/verify[1235]: warning: request to update table internal in non-postfix directory .
    postfix/verify[1235]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
    postfix/verify[1235]: Compiled against Berkeley DB: 4.3.29?
    postfix/verify[1235]: Run-time linked against Berkeley DB: 4.3.29?
    postfix/verify[1235]: dict_open: hash:/var/lib/postfix/internal
    postfix/verify[1235]: set_eugid: euid 0 egid 0
    postfix/verify[1235]: hash:/var/lib/postfix/internal cache cleanup will start after 31992s
    postfix/verify[1235]: connection established fd 128
    postfix/verify[1235]: master_notify: status 0
    postfix/verify[1235]: verify socket: wanted attribute: request
    postfix/verify[1235]: input attribute name: request
    postfix/verify[1235]: input attribute value: query
    postfix/verify[1235]: verify socket: wanted attribute: address
    postfix/verify[1235]: input attribute name: address
    postfix/verify[1235]: input attribute value: ad...@mailtestxyz.com
    postfix/verify[1235]: verify socket: wanted attribute: (list terminator)
    postfix/verify[1235]: input attribute name: (end)
    postfix/verify[1235]: dict_cache_lookup: key=ad...@mailtestxyz.com value=0:0:1401364166:250 2.1.5 OK
    postfix/verify[1235]: GOT ad...@mailtestxyz.com status=0 probed=0 updated=1401364166 text=250 2.1.5 OK
    postfix/verify[1235]: send attr status = 0
    postfix/verify[1235]: send attr recipient_status = 0
    postfix/verify[1235]: send attr reason = 250 2.1.5 OK
    postfix/verify[1235]: master_notify: status 1
    postfix/smtpd[1231]: A0AE9116AE2: client=localhost.localdomain[127.0.0.1]
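Added example, not part of the original post: an offline check of how the `query` template from the sqlite-sender_access.cf above expands for the sender address forms that access(5) documents (user@domain, domain, user@), with `%s` replaced by the quoted lookup key as sqlite_table(5) describes. The address, the in-memory `users` table, the stored username formats and the `PLAIN_QUERY` comparison template are constructed assumptions; the real schema of /var/mail/mailusers.db is not shown in the post.

```python
import sqlite3

# Query template copied from the sqlite-sender_access.cf in the post.
PAGE_QUERY = ("SELECT 'REJECT' AS action FROM users "
              "WHERE username = '%s@' AND send_mail = 'f'")
# Hypothetical template without the trailing '@', for comparison only.
PLAIN_QUERY = PAGE_QUERY.replace("'%s@'", "'%s'")

def candidate_keys(sender):
    """Address forms access(5) documents for a sender: user@domain, domain, user@.
    Parent-domain keys are omitted here."""
    local, _, domain = sender.rpartition("@")
    return [sender, domain, local + "@"]

def expand(template, key):
    """Substitute %s with the SQL-quoted lookup key, as sqlite_table(5) describes."""
    return template.replace("%s", key.replace("'", "''"))

def lookup(conn, template, sender):
    """Return (key, action) for the first key whose expanded query yields a row."""
    for key in candidate_keys(sender):
        row = conn.execute(expand(template, key)).fetchone()
        if row:
            return key, row[0]
    return None

def build_db(usernames):
    """Constructed stand-in for /var/mail/mailusers.db; every user has send_mail='f'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, send_mail TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, 'f')", [(u,) for u in usernames])
    return conn

if __name__ == "__main__":
    sender = "alice@example.com"  # constructed address
    for stored in ("alice", "alice@", "alice@example.com"):
        conn = build_db([stored])
        print(f"username stored as {stored!r}:")
        print("  page query  ->", lookup(conn, PAGE_QUERY, sender))
        print("  plain '%s'  ->", lookup(conn, PLAIN_QUERY, sender))
```

The same check can be made against the live map with `postmap -q <key> sqlite:/etc/postfix/sqlite-sender_access.cf`, trying each key form in turn.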