Questions similar to yours come up fairly often; I'm not sure why
no one's jumped in yet with a rough solution that will do what you
want. What you've mentioned you want:

> How do I ensure that my mail server can only send mails either to or
> from mydomains?

Consider that there are three situations you want to worry about:
1. Postfix receiving a mail for final delivery as the destination
(local delivery)
2. Postfix receiving a mail for delivery to "somewhere else" on the
internet (relaying)
3. Postfix receiving a mail submitted locally, destined for "somewhere
else" on the internet (this is a special case of (2) because "local"
is usually privileged)

* Assume we ignore (2) because Postfix will not act as an anonymous
relay by default.
* Postfix will only accept mail for local domains, so (1) works as you
expect. Accepting mail for remote domains would be considered relaying.
* Postfix (by default) *will* accept mail and relay it to remote
domains, if the client is local. That covers case (3).

I *think* the short, correct answer is to use a policy server:
http://www.postfix.org/SMTPD_POLICY_README.html

Another alternative may be restriction classes, but that can get a bit
messy. I personally wouldn't trust myself to get this right, so I have
no examples of my own to offer.
http://www.postfix.org/RESTRICTION_CLASS_README.html


> When I add the following to main.cf, this should perform the check, so
> only people I know are allowed to send through postfix and they can
> send anywhere. This should also prevent anyone to send mail from an
> address that isn't one of mine.
>
> smtpd_reject_unlisted_recipient = no
> smtpd_reject_unlisted_sender = yes
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
> smtpd_sender_restrictions =

I've not used the smtpd_reject_unlisted_* options before myself, but I
suspect that won't work as you expect.

> Unfortunately, it does not work.

When you report that something doesn't work, it's best to provide log
entries that support what you're saying. Basically, it's most helpful
if you:
1. Describe what you expected to happen
2. Describe what you saw actually happened.
3. Show the log entries so we can see what happened.

> The output of postconf -n
<snip>

> mydestination =
This is likely to be wrong. I can see you're using virtual mailboxes,
but not having any local domains at all is odd.

> mynetworks = 0.0.0.0
This is *definitely* very wrong! smtpd_recipient_restrictions will
allow ANY client in mynetworks to relay mail to any destination. I
don't know if using smtpd_reject_unlisted_sender would prevent
anything going wrong here, but this is likely to make you an open
relay.
