Sorry if I replied to the list twice, but Noel’s advice nailed it. "check_recipient_access=hash:/etc/postfix/protected_destinations" must be added to master.cf smtps and submission, then sending is not allowed.
Thanks! Kind regards, Ivars > On 24 Aug 2022, at 20:15, Noel Jones <[email protected]> wrote: > > Since this is done with smtp_recipient_restrictions, it will only work with > mail submitted via SMTP and not with mail sent through the sendmail(1) > command. > > Also, you may have put overrides for smtp_recipient_restrictions in master.cf > for the submission or submissions (smtps) ports that will need to be adjusted. > > > > -- Noel Jones > > > On 8/24/2022 11:03 AM, Ivars Strazdiņš wrote: >> Hi Julio, >> I tested and it did not work for local users, access is denied (sending not >> possible) only for external ones. >> Mail is sent to [email protected] regardless if local sender address is in the >> insiders map or not. >> I use lmtp for local mail delivery, could that be a problem? >> With kind regards, >> Ivars >>> On 24 Aug 2022, at 17:12, julio covolato <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> >>> Em 24/08/2022 10:08, Ivars Strazdins escreveu: >>>> Hello Postfix Experts, >>>> let’s say that domain.com <http://domain.com/> is Postfix $mydomain. >>>> I know that it is possible to protect /etc/postfix/protected_destinations >>>> from external senders, as per >>>> https://www.postfix.org/RESTRICTION_CLASS_README.html >>>> >>>> But is it possible to limit users from the same domain who can send mails >>>> to an internal email distribution list? >>>> In other words, is it possible to setup Postfix so that >>>> [email protected] CAN send an email to /etc/postfix/protected_destinations >>>> [email protected] CANNOT send an email to [email protected] >>>> >>>> [email protected] is a simple Postfix alias. >>>> >>>> Thanks for your time, >>>> Ivars >>> >>> Hi, yes, you can. >>> >>> main.cf: >>> >>> smtpd_restriction_classes = insiders_only >>> insiders_only = check_sender_access hash:/etc/postfix/insiders, reject >>> ... >>> ... >>> smtpd_recipient_restrictions = check_recipient_access >>> hash:/etc/postfix/protected_destinations >>> ... >>> ... >>> >>> /etc/postfix/insiders: >>> >>> [email protected] OK >>> [email protected] OK >>> >>> /etc/postfix/protected_destinations: >>> >>> [email protected] insiders_only >>> [email protected] insiders_only >>> >>> $ postmap /etc/postfix/protected_destinations >>> $ postmap /etc/postfix/insiders >>> $ postfix reload >>> >>> ---------------------------------- >>> _ Engº Julio Cesar Covolato >>> 0v0<[email protected]> >>> /(_)\ F: 55-11-99175-9260 >>> ^ ^ PSI INTERNET >>> ---------------------------------- >
