[Mailman-Users] sender restrictions
Jardar Eggesbø Abrahamsen
jardar at nvg.ntnu.no
Tue Jun 21 23:21:13 CEST 2005
I want to deny a certain local user (testbrukar) the ability to send
e-mail to destinations outside the local domain. I have tried this:
http://www.postfix.org/RESTRICTION_CLASS_README.html
The result here is exactly the same as when I tried to deny the user _all_
sending abilities (using check_sender_access only, without any
smtpd_restriction_classes): If I telnet to port 25, access is denied to
the sender. But if the user uses pine, the e-mail is accepted
Examples from the configuration where the user "testbrukar" is allowed to
send e-mail to his own domain but not to other domains:
With pine:
Jun 21 22:34:59 ludde postfix/smtpd[15600]: connect from localhost[127.0.0.1]
Jun 21 22:34:59 ludde postfix/smtpd[15600]: 3BE72FA10:
client=localhost[127.0.0.1]
Jun 21 22:34:59 ludde postfix/cleanup[15597]: 3BE72FA10:
message-id=<Pine.LNX.4.62.0506212234440.15567 at ludde.domain.tld>
Jun 21 22:34:59 ludde postfix/qmgr[15594]: 3BE72FA10:
from=<testbrukar at domain.tld>, size=1099, nrcpt=1 (queue active)
Jun 21 22:34:59 ludde postfix/smtpd[15600]: disconnect from
localhost[127.0.0.1]Jun 21 22:34:59 ludde amavis[15549]: (15549-01) Passed
CLEAN, <testbrukar at domain.tld> -> <jardar at otherdomain.tld>, Message-ID:
<Pine.LNX.4.62.0506212234440.15567 at ludde.domain.tld>, Hits: -1.25, 2162 ms
With telnet localhost 25:
Jun 21 22:35:55 ludde postfix/smtpd[15614]: connect from
localhost[127.0.0.1]
Jun 21 22:36:16 ludde postfix/smtpd[15614]: NOQUEUE: reject: RCPT from
localhost[127.0.0.1]: 554 <testbrukar at domain.tld>: Sender address
rejected: Access denied; from=<testbrukar at domain.tld>
to=<jardar at otherdomain.tld> proto=SMTP helo=<localhost>
postconf -n:
alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
command_directory = /usr/sbin/
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /usr/doc/postfix-2.2.3/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, www.$mydomain, 127.0.0.1
mydomain = domain.tld
myhostname = ludde.domain.tld
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/doc/postfix-2.2.3/README_FILES
recipient_delimiter = +
relayhost =
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks, reject_unauth_pipelining, check_sender_access hash:/etc/postfix/sender_ikkje_rbl, reject_rbl_client cbl.abuseat.org, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client combined.njabl.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client rbl-plus.mail-abuse.org, reject_rbl_client relays.ordb.org, check_client_access hash:/etc/postfix/client_access permit
smtpd_error_sleep_time = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining, check_helo_access hash:/etc/postfix/helo_checks, permit
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, check_recipient_access hash:/etc/postfix/recipient_access check_policy_service inet:127.0.0.1:10023 permit
smtpd_restriction_classes = local_only
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
smtpd_soft_error_limit = 1
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
More information about the Mailman-Users
mailing list