Re: protecting internal email distribution lists

Wed, 24 Aug 2022 09:04:15 -0700 

Hi Julio,

I tested and it did not work for local users, access is denied (sending not 
possible) only for external ones.
Mail is sent to l...@domain.com <mailto:l...@domain.com> regardless if local 
sender address is in the insiders map or not.
I use lmtp for local mail delivery, could that be a problem?
With kind regards,
Ivars

> On 24 Aug 2022, at 17:12, julio covolato <ju...@psi.com.br> wrote:
> 
> 
> Em 24/08/2022 10:08, Ivars Strazdins escreveu:
>> Hello Postfix Experts,
>> let’s say that domain.com <http://domain.com/> is Postfix $mydomain.
>> I know that it is possible to protect /etc/postfix/protected_destinations 
>> from external senders, as per 
>> https://www.postfix.org/RESTRICTION_CLASS_README.html 
>> <https://www.postfix.org/RESTRICTION_CLASS_README.html>
>> 
>> But is it possible to limit users from the same domain who can send mails to 
>> an internal email distribution list?
>> In other words, is it possible to setup Postfix so that
>> us...@domain.com <mailto:us...@domain.com> CAN send an email to 
>> /etc/postfix/protected_destinations <mailto:l...@domain.com>
>> us...@domain.com <mailto:us...@domain.com> CANNOT send an email to 
>> l...@domain.com <mailto:l...@domain.com>
>> 
>> l...@domain.com <mailto:l...@domain.com> is a simple Postfix alias.
>> 
>> Thanks for your time,
>> Ivars
> Hi, yes, you can.
> 
> main.cf:
> 
> smtpd_restriction_classes = insiders_only
> insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
> ...
> ...
> smtpd_recipient_restrictions = check_recipient_access 
> hash:/etc/postfix/protected_destinations
>     ...
>     ...
> 
> /etc/postfix/insiders:
> 
> us...@domain.com <mailto:us...@domain.com>   OK
> anotheru...@domain.com <mailto:anotheru...@domain.com>    OK
> 
> /etc/postfix/protected_destinations:
> 
> l...@domain.com <mailto:l...@domain.com>    insiders_only
> li...@domain.com <mailto:li...@domain.com>    insiders_only
> 
> $ postmap /etc/postfix/protected_destinations
> $ postmap /etc/postfix/insiders
> $ postfix reload
> 
> ----------------------------------
>     _    Engº Julio Cesar Covolato
>    0v0   <ju...@psi.com.br> <mailto:ju...@psi.com.br>
>   /(_)\  F: 55-11-99175-9260
>    ^ ^   PSI INTERNET
> ----------------------------------

Reply via email to