On Wed, May 07, 2025 at 02:56:11PM +0530, Srinivasa Gowd S wrote: > The following entries are present in the "check_sender_access" table. > We have configured it so that "[email protected]" and > "[email protected]" are treated as privileged users. All users can send > emails to domains @sutisoft.com, @sutisoft.ca and @sutisoft.net. > ------------- > #/etc/postfix# cat check_sender_access > > [email protected] OK > [email protected] OK > @sutisoft.com OK > @sutisoft.ca OK > @sutisoft.net OK
But these are sender address checks, so the last three entries also allow any *sender* address in those three domains to send mail to anyone. > This configuration is not working and the user "[email protected]" are > sending emails to @gmail.com. Well, this address is not matched in the table at all, so it just falls through to "permit_mynetworks", which allows the delivery. > From: Viktor Dukhovni via Postfix-users <[email protected]> > Sent: 07 May 2025 13:29 > To: [email protected] > Subject: [pfx] Re: Configuration Request: Restrict Outgoing Emails to > Allowed Domains, Allow All Incoming, and Bypass Restrictions for Privileged > Users > > On Wed, May 07, 2025 at 12:57:29PM +0530, Srinivasa Gowd S via Postfix-users > wrote: > > > 1. Allow incoming emails from all external domains to all internal > > users. > > 2. Restrict outgoing emails for all users so they can only send to > > a list of allowed domains. > > 3. Allow specific privileged users to bypass this restriction and > root@mail:/etc/postfix# cat check_sender_access > > > send emails to any external domain. > > > > smtpd_recipient_restrictions = > > check_recipient_access hash:/etc/postfix/recipient_access > > check_sender_access hash:/etc/postfix/check_sender_access > > permit_mynetworks > > permit_sasl_authenticated You probably want to remove the above two permits. > > reject_unauth_destination > > check_policy_service unix:private/policyd-spf > > permit > -- Viktor. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
