El lun., 8 oct. 2018 a las 16:51, Noel Jones (<njo...@megan.vbhcs.org>) escribió:
> On 10/8/2018 6:17 AM, Ignacio Garcia wrote: > > Hi there! > > > > I've been reading the documentacion as well as googling around but > > I've been unable to figure this out: > > > > I have several hosting servers. I'd like all web sites hosted in > > those servers not to be able to send outbound mail without > > authenticating first. Same thing for shell users. What I'm really > > trying to achieve is that everybody (local accounts and php scripts > > running under www-data) will be forced to use the submission service > > (smtp-auth, tls activated) for all outbound emails, keeping > > non-authenticated connections just for internal emails (usually from > > services to the system administrator) > > > > Any guru willing to point me into the right direction? TIA!! > > > > Ignacio > > http://www.postfix.org/postconf.5.html#authorized_submit_users > > Probably something like > > # main.cf > authorized_submit_users = root, cron > (add any other service owners that need to send mail) > > and also remove "permit_mynetworks" from > smtpd_recipient_restrictions and from smtpd_relay_restrictions. > > > > > -- Noel Jones > Noel, thank you so much. You saved my day! This is more restrictive than I wanted but it'll do. Initial testings show it works ok. Now I have to find out all service accounts that send email periodically For those of you who might be running ispconfig and want to restrict the use of sendmail to created email accounts in ispconfig and service users only: authorized_submit_users = root, cron, serviceuser1, serviceuser2, ... , proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf Again, thanks so much Ignacio
