Thanks, Viktor.

> Via SMTP from outside, or via sendmail(1) locally?

I run mail locally as below:
mail -s "hotmail" myusern...@hotmail.com < /etc/hosts

> You'll need to post "postconf -n" output to prove this.  Also relevant
> master.cf entries in case these contain overrides.

# postconf -n smtpd_recipient_restrictions
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
config_directory = /etc/postfix
debug_peer_level = 7
inet_interfaces = localhost
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software, protocol, policy
relayhost = mail-vip.local.paygateway.com
sendmail_path = /usr/sbin/sendmail.postfix
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/local_domains, reject


I did not change anything on master.cf so it is default as below:

smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

thanks,
Steve

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni
Sent: Monday, February 16, 2015 5:16 PM
To: postfix-users@postfix.org
Subject: Re: smtpd_recipient_restrictions to restrict outbound email to selected domains

On Tue, Feb 17, 2015 at 12:48:45AM +0000, Steve Zeng wrote:

> I am running postfix 2.3.3 on Redhat RHEL 5 for a local SMTP MTA. For
> security purpose, we need to restrict its outbound emails to selected
> destination domains only.
>
> http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions
>
> The default is:
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination
>
> I modified it as:
> smtpd_recipient_restrictions = check_recipient_access
> hash:/etc/postfix/local_domains, reject

You'll need to post "postconf -n" output to prove this.  Also relevant 
master.cf entries in case these contain overrides.

> All outbound emails will be sent to relay host:
> relayhost = mail-vip.local.paygateway.com
>
> /etc/postfix/local_domains
> mycompany.com             OK
> hotmail. com                     OK
>
> However, it looks not effective. I can still send outbound email to anywhere.

Via SMTP from outside, or via sendmail(1) locally?

> Do I miss anything?

    http://www.postfix.org/DEBUG_README.html#mail

     * relevant non-verbose logs
     * postconf -n output
     * master entries for relevant services

Please try to not "line-wrap" postconf -n output, while sending non-HTML email.

--
        Viktor.
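
Added example, not part of the thread and not Postfix code: a simplified Python model of how the posted `check_recipient_access hash:/etc/postfix/local_domains, reject` list decides on a recipient, and of why the submission path matters. It assumes the standard behaviour that smtpd_recipient_restrictions is applied by smtpd(8) to recipients given over SMTP, while mail handed to sendmail(1) is queued through pickup(8) without passing through smtpd; the function names, the return strings and the sample table are constructed for illustration.

```python
# Added example: simplified model, not Postfix source code.
# Constructed sample of /etc/postfix/local_domains (postmap input format).
LOCAL_DOMAINS = """\
# key            value
mycompany.com    OK
hotmail.com      OK
"""

def parse_table(text):
    """Parse 'key whitespace value' lines; skip blanks and '#' comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        table[fields[0].lower()] = fields[1].strip()
    return table

def access_lookup(table, recipient):
    """Try keys in access(5) order: user@domain, domain, parent domains, user@."""
    user, _, domain = recipient.lower().rpartition("@")
    labels = domain.split(".")
    candidates = [f"{user}@{domain}", domain]
    # Parent domains are tried without a leading dot, as with the default
    # parent_domain_matches_subdomains setting (simplified here).
    candidates += [".".join(labels[i:]) for i in range(1, len(labels))]
    candidates.append(f"{user}@")
    for key in candidates:
        if key in table:
            return table[key]
    return None

def smtpd_recipient_check(table, recipient):
    """Model 'check_recipient_access <table>, reject' as smtpd(8) evaluates it."""
    if (access_lookup(table, recipient) or "").upper() == "OK":
        return "permit"
    return "reject"  # the trailing 'reject' catches every recipient not permitted

def decide(table, recipient, path):
    """path is 'smtpd' (SMTP client) or 'pickup' (local sendmail(1) submission)."""
    if path == "smtpd":
        return smtpd_recipient_check(table, recipient)
    return "not-checked"  # pickup(8) never consults smtpd_* restrictions

if __name__ == "__main__":
    table = parse_table(LOCAL_DOMAINS)
    for rcpt in ("user@hotmail.com", "user@example.org"):
        for path in ("smtpd", "pickup"):
            print(f"{path:7} {rcpt:20} -> {decide(table, rcpt, path)}")
```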