Sorry if I replied to the list twice, but Noel’s advice nailed it. "check_recipient_access=hash:/etc/postfix/protected_destinations" must be added to master.cf smtps and submission, then sending is not allowed.
Thanks! Kind regards, Ivars > On 24 Aug 2022, at 20:15, Noel Jones <njo...@megan.vbhcs.org> wrote: > > Since this is done with smtp_recipient_restrictions, it will only work with > mail submitted via SMTP and not with mail sent through the sendmail(1) > command. > > Also, you may have put overrides for smtp_recipient_restrictions in master.cf > for the submission or submissions (smtps) ports that will need to be adjusted. > > > > -- Noel Jones > > > On 8/24/2022 11:03 AM, Ivars Strazdiņš wrote: >> Hi Julio, >> I tested and it did not work for local users, access is denied (sending not >> possible) only for external ones. >> Mail is sent to l...@domain.com regardless if local sender address is in the >> insiders map or not. >> I use lmtp for local mail delivery, could that be a problem? >> With kind regards, >> Ivars >>> On 24 Aug 2022, at 17:12, julio covolato <ju...@psi.com.br >>> <mailto:ju...@psi.com.br>> wrote: >>> >>> >>> Em 24/08/2022 10:08, Ivars Strazdins escreveu: >>>> Hello Postfix Experts, >>>> let’s say that domain.com <http://domain.com/> is Postfix $mydomain. >>>> I know that it is possible to protect /etc/postfix/protected_destinations >>>> from external senders, as per >>>> https://www.postfix.org/RESTRICTION_CLASS_README.html >>>> >>>> But is it possible to limit users from the same domain who can send mails >>>> to an internal email distribution list? >>>> In other words, is it possible to setup Postfix so that >>>> us...@domain.com CAN send an email to /etc/postfix/protected_destinations >>>> us...@domain.com CANNOT send an email to l...@domain.com >>>> >>>> l...@domain.com is a simple Postfix alias. >>>> >>>> Thanks for your time, >>>> Ivars >>> >>> Hi, yes, you can. >>> >>> main.cf: >>> >>> smtpd_restriction_classes = insiders_only >>> insiders_only = check_sender_access hash:/etc/postfix/insiders, reject >>> ... >>> ... >>> smtpd_recipient_restrictions = check_recipient_access >>> hash:/etc/postfix/protected_destinations >>> ... >>> ... >>> >>> /etc/postfix/insiders: >>> >>> us...@domain.com OK >>> anotheru...@domain.com OK >>> >>> /etc/postfix/protected_destinations: >>> >>> l...@domain.com insiders_only >>> li...@domain.com insiders_only >>> >>> $ postmap /etc/postfix/protected_destinations >>> $ postmap /etc/postfix/insiders >>> $ postfix reload >>> >>> ---------------------------------- >>> _ Engº Julio Cesar Covolato >>> 0v0<ju...@psi.com.br> >>> /(_)\ F: 55-11-99175-9260 >>> ^ ^ PSI INTERNET >>> ---------------------------------- >
