On Tue, Jan 03, 2023 at 07:50:19PM -0500, Hébergement Arbre Binaire wrote:
> Maybe I should ask another question: is sendmail the ONLY way for a local
> script (be it any kind of script: PHP or otherwise) to queue a mail for
> delivery?
All that applications can portably expect to work for local submission
is sendmail(1). If they know that Postfix actually the local MTA, and
are willing to "talk" the sendmail->postdrop(1) protocol (transmit
Postfix envelope and message queue-file records), then they could
invoke postdrop(1) directly, bypassing sendmail(1).
The real "only" way to enqueue mail for local delivery via Postfix is
postdrop(1), which is "setgid" to a group that can write to the
"maildrop" queue. If you set "authorized_submit_users" to a restricted
set of trusted system accounts, then all users would have to use your
shim, a postdrop(1) will refuse service. Your shim can talk SMTP to
a relay that can selectively refuse messages.
--
Viktor.
