Israel Garcia wrote:
> Hi
> I have some apps on a Debian server which use to send mail using
> localhost on the same server and I want to allow only email sent to this
> address u...@domain and reject all others. This is my main.cf
> 
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> biff = no
> append_dot_mydomain = no
> readme_directory = no
> 
> # TLS parameters
> smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_use_tls=yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> 
> myhostname = myserver.mydomain
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = myserver.mydomain, localhost.speedyrails.ca, , localhost
> smtpd_recipient_restrictions =
>         check_recipient_access hash:/etc/postfix/recipients,
>         check_relay_domains,
>         reject
> 
> relayhost = [lbsmtp]
> smtp_host_lookup = dns,native
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> mailbox_size_limit = 0
> recipient_delimiter = +
> inet_interfaces = localhost
> mailbox_command =
> default_transport = smtp
> relay_transport = smtp
> smtp_host_lookup=dns,native
> inet_protocols = ipv4
> 
> /etc/postfix/recipient file:
> 
> u...@domain  OK
> \...@\*  REJECT

the last line is useless.

> 
> So, if I test sending mail using the mail command or mutt, the rules do
> not work, but if I use telnet or nc to connect to localhost on port
> 25/tcp, the rule works. Simple question: WHY?

because smtpd_* parameters apply to mail received via SMTP.

> 
> How can I restrict my server to send mail TO u...@domain?
> 

There are many ways...

[transports]
instead of using smtpd restrictions, you can use transport_maps:

u...@domain     smtp:
*       error:recipient address not allowed

(note that '*' only works for transport_maps. don't use it in access maps).

[smtpd restrictions via a content filter]
you can force mail submitted via the sendmail (pickup) interface to go
through smtpd by adding
-o content_filter=smtp:[127.0.0.1]:25

under the "pickup" service in master.cf. However:

- if you do so, you must not use the sendmail command after content
filtering. otherwise, you'll get an infinite loop.

- mail that will be rejected will cause a bounce. you need to handle
this. Instead of "reject", you could use HOLD to put mail on hold (and
remove it manually using the postsuper command), or you can

> NOTES:
> This server only accepts mail from localhost
> This server sends mail to a load balancer [lbsmtp]
> 
> thanks in advance
> 
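
Added example, not part of the original message or of Postfix itself: a simplified Python model of the lookup order that transport(5) documents for indexed tables, useful for checking which recipients a transport map like the one in the reply lets out, whichever way the mail was submitted. The address allowed@example.com is a constructed stand-in for the elided u...@domain, and the function names are hypothetical.

```python
"""Simplified model of Postfix transport(5) lookups in a hash: table."""

# Constructed sample table mirroring the two entries in the reply.
TRANSPORT = {
    "allowed@example.com": "smtp:",
    "*": "error:recipient address not allowed",
}


def lookup_keys(rcpt, delimiter="+"):
    """Yield lookup keys in the order transport(5) lists for indexed files."""
    local, _, domain = rcpt.lower().rpartition("@")
    yield f"{local}@{domain}"                  # user+extension@domain
    if delimiter and delimiter in local:       # recipient_delimiter = +
        yield f"{local.split(delimiter, 1)[0]}@{domain}"  # user@domain
    yield domain                               # domain
    labels = domain.split(".")
    for i in range(1, len(labels)):            # .parent domains
        yield "." + ".".join(labels[i:])
    yield "*"                                  # catch-all, transport maps only


def resolve(rcpt, table=TRANSPORT):
    """Return (matching key, transport) or (None, None) when nothing matches."""
    for key in lookup_keys(rcpt):
        if key in table:
            return key, table[key]
    return None, None  # Postfix would fall back to default_transport


def allowed(rcpt, table=TRANSPORT):
    """True when the recipient resolves to something other than error:."""
    _, transport = resolve(rcpt, table)
    return transport is not None and not transport.startswith("error:")


if __name__ == "__main__":
    for rcpt in ("allowed@example.com", "allowed+tag@example.com",
                 "other@example.com", "root@localhost"):
        print(f"{rcpt:28} {resolve(rcpt)}")
```

Without the `*` entry, `resolve()` returns `(None, None)` for every other recipient, which in Postfix means the mail still leaves through the default transport.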
