Noticed the non-html version messed up the output of 'postconf -n' to a single line. So I resent it.
# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases config_directory = /etc/postfix debug_peer_level = 7 inet_interfaces = localhost mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man newaliases_path = /usr/bin/newaliases.postfix notify_classes = resource, software, protocol, policy relayhost = mail-vip.local.paygateway.com sendmail_path = /usr/sbin/sendmail.postfix smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/local_domains, reject Thanks, Steve -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Steve Zeng Sent: Tuesday, February 17, 2015 10:35 AM To: postfix-users@postfix.org Subject: RE: smtpd_recipient_restrictions to restrict outbound email to selected domains Thanks, Viktor. > Via SMTP from outside, or via sendmail(1) locally? I run mail locally as below: mail -s "hotmail" myusern...@hotmail.com<mailto:myusern...@hotmail.com> < /etc/hosts >You'll need to post "postconf -n" output to prove this. Also relevant >master.cf entries in case these contain overrides. # postconf -n smtpd_recipient_restrictions # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases config_directory = /etc/postfix debug_peer_level = 7 inet_interfaces = localhost mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man newaliases_path = /usr/bin/newaliases.postfix notify_classes = resource, software, protocol, policy relayhost = mail-vip.local.paygateway.com sendmail_path = /usr/sbin/sendmail.postfix smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/local_domains, reject I did not change anything on master.cf so it is default as below: smtp inet n - n - - smtpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient thanks, Steve -----Original Message----- From: owner-postfix-us...@postfix.org<mailto:owner-postfix-us...@postfix.org> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovni Sent: Monday, February 16, 2015 5:16 PM To: postfix-users@postfix.org<mailto:postfix-users@postfix.org> Subject: Re: smtpd_recipient_restrictions to restrict outbound email to selected domains On Tue, Feb 17, 2015 at 12:48:45AM +0000, Steve Zeng wrote: > I am running postfix 2.3.3 on Redhat RHEL 5 for a local SMTP MTA. For > security purpose, we need to restrict its outbound emails to selected > destination domains only. > > http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions > > The default is: > smtpd_recipient_restrictions = permit_mynetworks, > reject_unauth_destination > > I modified it as: > smtpd_recipient_restrictions = check_recipient_access > hash:/etc/postfix/local_domains, reject You'll need to post "postconf -n" output to prove this. Also relevant master.cf entries in case these contain overrides. > All outbound emails will be sent to relay host: > relayhost = mail-vip.local.paygateway.com > > /etc/postfix/local_domains > mycompany.com OK > hotmail. com OK > > However, it looks not effective. I can still send outbound email to anywhere. Via SMTP from outside, or via sendmail(1) locally? > Do I miss anything? http://www.postfix.org/DEBUG_README.html#mail * relevant non-verbose logs * postconf -n output * master entries for relevant services Please try to not "line-wrap" postconf -n output, while sending non-HTML email. -- Viktor. NOTICE: This email message is for the sole use of the addressee named above and may contain confidential information. Any unauthorized review, use, disclosure, distribution or duplication of this message or any attachments is expressly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies and backups of the original message. NOTICE: This email message is for the sole use of the addressee named above and may contain confidential information. Any unauthorized review, use, disclosure, distribution or duplication of this message or any attachments is expressly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies and backups of the original message.
