I use rob0's second suggestion, which is using a map; it doesn't require that the user is authenticated.
in main.cf

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/maps/reject_senders

in maps/reject_senders

    qq.com REJECT # Reject any mail from the qq.com domain (any user)
    myu...@mydomain.tld REJECT # Reject any mail from myu...@mydomain.tld

Yassine.

On Friday, April 20, 2018, 9:44:52 PM GMT+1, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:

> On Apr 20, 2018, at 3:40 PM, @lbutlr <krem...@kreme.com> wrote:
>
> How would I configure a user so that they could only read mail and not send
> any mail (even to local users).

If you accept mail from strangers on port 25, and the user can reach port 25 on your inbound MX host, then you can't prevent him from impersonating some stranger. Authentication on port 25 is not required.

You could firewall-off inbound port 25 from hosts on your network, forcing the user to go off-site to send the "forbidden" email.

--
Viktor.
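
A simplified model of how the sender access map above is consulted, added here as an illustration (not code from the thread or from Postfix). It follows the address lookup order documented in access(5) and shows that the decision depends only on the envelope sender the client supplies. Assumptions: address-extension handling is omitted, the function names are hypothetical, and blocked.user@mydomain.tld is a constructed stand-in for the elided address.

```python
# Constructed copy of maps/reject_senders; the second key is a hypothetical
# stand-in for the address that is elided in the post.
REJECT_SENDERS = {
    "qq.com": "REJECT",
    "blocked.user@mydomain.tld": "REJECT",
}


def lookup_keys(sender, parent_matches_subdomains=True):
    """Yield the keys tried for an envelope sender, in access(5) order.

    parent_matches_subdomains models whether smtpd_access_maps is listed in
    parent_domain_matches_subdomains (it is by default).
    """
    sender = sender.lower()
    if not sender:
        yield "<>"  # default smtpd_null_access_lookup_key for the null sender
        return
    local, _, domain = sender.rpartition("@")  # assumes user@domain form
    yield sender                      # 1. full address
    yield domain                      # 2. exact domain
    labels = domain.split(".")
    for i in range(1, len(labels)):   # 3. parent domains, down to the TLD
        parent = ".".join(labels[i:])
        yield parent if parent_matches_subdomains else "." + parent
    yield local + "@"                 # 4. local part only


def sender_decision(sender, table=REJECT_SENDERS):
    """Return (action, matching_key) for one MAIL FROM address."""
    for key in lookup_keys(sender):
        if key in table:
            return table[key], key
    # No match: this restriction has no opinion and evaluation continues.
    return "DUNNO", None


if __name__ == "__main__":
    # Constructed envelope senders. The last one is not in the map, so the
    # same client is not stopped by this rule when it presents that sender.
    for mail_from in ("someone@qq.com", "a@mail.qq.com",
                      "blocked.user@mydomain.tld", "other@mydomain.tld"):
        print(mail_from, "->", sender_decision(mail_from))
```

The last sample is the limitation raised in the quoted reply: the map matches whatever sender address is presented on port 25, so it restricts an address, not a person.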