Sorry if I replied to the list twice, but Noel’s advice nailed it.
"check_recipient_access=hash:/etc/postfix/protected_destinations" must be added 
to master.cf smtps and submission, then sending is not allowed.

Thanks!
Kind regards,
Ivars

> On 24 Aug 2022, at 20:15, Noel Jones <njo...@megan.vbhcs.org> wrote:
> 
> Since this is done with smtp_recipient_restrictions, it will only work with 
> mail submitted via SMTP and not with mail sent through the sendmail(1) 
> command.
> 
> Also, you may have put overrides for smtp_recipient_restrictions in master.cf 
> for the submission or submissions (smtps) ports that will need to be adjusted.
> 
> 
> 
>  -- Noel Jones
> 
> 
> On 8/24/2022 11:03 AM, Ivars Strazdiņš wrote:
>> Hi Julio,
>> I tested and it did not work for local users, access is denied (sending not 
>> possible) only for external ones.
>> Mail is sent to l...@domain.com regardless if local sender address is in the 
>> insiders map or not.
>> I use lmtp for local mail delivery, could that be a problem?
>> With kind regards,
>> Ivars
>>> On 24 Aug 2022, at 17:12, julio covolato <ju...@psi.com.br 
>>> <mailto:ju...@psi.com.br>> wrote:
>>> 
>>> 
>>> Em 24/08/2022 10:08, Ivars Strazdins escreveu:
>>>> Hello Postfix Experts,
>>>> let’s say that domain.com <http://domain.com/> is Postfix $mydomain.
>>>> I know that it is possible to protect /etc/postfix/protected_destinations 
>>>> from external senders, as per 
>>>> https://www.postfix.org/RESTRICTION_CLASS_README.html
>>>> 
>>>> But is it possible to limit users from the same domain who can send mails 
>>>> to an internal email distribution list?
>>>> In other words, is it possible to setup Postfix so that
>>>> us...@domain.com CAN send an email to /etc/postfix/protected_destinations
>>>> us...@domain.com CANNOT send an email to l...@domain.com
>>>> 
>>>> l...@domain.com is a simple Postfix alias.
>>>> 
>>>> Thanks for your time,
>>>> Ivars
>>> 
>>> Hi, yes, you can.
>>> 
>>> main.cf:
>>> 
>>> smtpd_restriction_classes = insiders_only
>>> insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
>>> ...
>>> ...
>>> smtpd_recipient_restrictions = check_recipient_access 
>>> hash:/etc/postfix/protected_destinations
>>>     ...
>>>     ...
>>> 
>>> /etc/postfix/insiders:
>>> 
>>> us...@domain.com   OK
>>> anotheru...@domain.com    OK
>>> 
>>> /etc/postfix/protected_destinations:
>>> 
>>> l...@domain.com    insiders_only
>>> li...@domain.com    insiders_only
>>> 
>>> $ postmap /etc/postfix/protected_destinations
>>> $ postmap /etc/postfix/insiders
>>> $ postfix reload
>>> 
>>> ----------------------------------
>>>     _    Engº Julio Cesar Covolato
>>>    0v0<ju...@psi.com.br>
>>>   /(_)\  F: 55-11-99175-9260
>>>    ^ ^   PSI INTERNET
>>> ----------------------------------
> 

Reply via email to