[Mailman-Users] sender restrictions

Jardar Eggesbø Abrahamsen jardar at nvg.ntnu.no
Tue Jun 21 23:21:13 CEST 2005

I want to deny a certain local user (testbrukar) the ability to send 
e-mail to destinations outside the local domain. I have tried this: 

The result here is exactly the same as when I tried to deny the user _all_ 
sending abilities (using check_sender_access only, without any 
smtpd_restriction_classes): If I telnet to port 25, access is denied to 
the sender. But if the user uses pine, the e-mail is accepted

Examples from the configuration where the user "testbrukar" is allowed to 
send e-mail to his own domain but not to other domains:

With pine:

Jun 21 22:34:59 ludde postfix/smtpd[15600]: connect from localhost[]
Jun 21 22:34:59 ludde postfix/smtpd[15600]: 3BE72FA10: 
Jun 21 22:34:59 ludde postfix/cleanup[15597]: 3BE72FA10: 
message-id=<Pine.LNX.4.62.0506212234440.15567 at ludde.domain.tld>
Jun 21 22:34:59 ludde postfix/qmgr[15594]: 3BE72FA10: 
from=<testbrukar at domain.tld>, size=1099, nrcpt=1 (queue active)
Jun 21 22:34:59 ludde postfix/smtpd[15600]: disconnect from 
localhost[]Jun 21 22:34:59 ludde amavis[15549]: (15549-01) Passed 
CLEAN, <testbrukar at domain.tld> -> <jardar at otherdomain.tld>, Message-ID: 
<Pine.LNX.4.62.0506212234440.15567 at ludde.domain.tld>, Hits: -1.25, 2162 ms

With telnet localhost 25:

Jun 21 22:35:55 ludde postfix/smtpd[15614]: connect from 
Jun 21 22:36:16 ludde postfix/smtpd[15614]: NOQUEUE: reject: RCPT from 
localhost[]: 554 <testbrukar at domain.tld>: Sender address 
rejected: Access denied; from=<testbrukar at domain.tld> 
to=<jardar at otherdomain.tld> proto=SMTP helo=<localhost>

postconf -n:

alias_maps = hash:/etc/aliases,   hash:/usr/local/mailman/data/aliases
command_directory = /usr/sbin/
config_directory = /etc/postfix
content_filter = smtp-amavis:[]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /usr/doc/postfix-2.2.3/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,        www.$mydomain,
mydomain = domain.tld
myhostname = ludde.domain.tld
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/doc/postfix-2.2.3/README_FILES
recipient_delimiter = +
relayhost = 
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks,        reject_unauth_pipelining,        check_sender_access hash:/etc/postfix/sender_ikkje_rbl,        reject_rbl_client cbl.abuseat.org,        reject_rbl_client opm.blitzed.org,        reject_rbl_client list.dsbl.org,        reject_rbl_client combined.njabl.org,        reject_rbl_client sbl.spamhaus.org,        reject_rbl_client rbl-plus.mail-abuse.org,        reject_rbl_client relays.ordb.org,        check_client_access hash:/etc/postfix/client_access        permit
smtpd_error_sleep_time = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,        reject_unauth_pipelining,        check_helo_access hash:/etc/postfix/helo_checks,        permit
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders   permit_mynetworks,   reject_unauth_destination,   reject_non_fqdn_recipient,   check_recipient_access hash:/etc/postfix/recipient_access   check_policy_service inet:   permit
smtpd_restriction_classes = local_only
smtpd_sender_restrictions = reject_unknown_sender_domain,         reject_non_fqdn_sender,         permit
smtpd_soft_error_limit = 1
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

More information about the Mailman-Users mailing list