>>> Postfix, by default, only queues mail that is destined for that system >>> (mydestination or virtual settings), included in mynetworks, or listed >>> in relay_domains >>> This only changes if *you* tell Postfix not to. The config below does >>> not show any such weakness. >> Hmmm, so basically there is no way to enforce that mail sent through >> the mail server will always be either from or to one of my domains :-( > > Would it be possible to use sender verification to match negatively? > That way I could run two instances of postfix and have one check > sender and the other recipient > If it comes from the internal interface at lease sender should be local > if it comes from the external interface at least recipient should be local > > Not sure if this is possible, but it would definitely solve it, at least I > think
I believe I have the solution. Unfortunately no way to implement it :-( When I add the following to main.cf, this should perform the check, so only people I know are allowed to send through postfix and they can send anywhere. This should also prevent anyone to send mail from an address that isn't one of mine. smtpd_reject_unlisted_recipient = no smtpd_reject_unlisted_sender = yes smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination smtpd_sender_restrictions = Unfortunately, it does not work. The output of postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix inet_interfaces = all mailbox_size_limit = 0 mydestination = myhostname = server01.fonville-it.nl mynetworks = 0.0.0.0 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_mailbox_domains = mail.fonville-it.nl, fonville-it.nl virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailbox-maps.cf virtual_transport = zarafa What have I done wrong? Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en