Israel Garcia a écrit : > Hi > I have some apps on a debian server which use to send mail using > localhost on the same server and I want allow only email sent to this > address u...@domain and reject all other. This is my main.cf > > smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) > biff = no > append_dot_mydomain = no > readme_directory = no > > # TLS parameters > smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem > smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key > smtpd_use_tls=yes > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache > > myhostname = myserver.mydomain > alias_maps = hash:/etc/aliases > alias_database = hash:/etc/aliases > myorigin = /etc/mailname > mydestination = myserver.mydomain, localhost.speedyrails.ca, , localhost > smtpd_recipient_restrictions = > check_recipient_access hash:/etc/postfix/recipients, > check_relay_domains, > reject > > relayhost = [lbsmtp] > smtp_host_lookup = dns,native > mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 > mailbox_size_limit = 0 > recipient_delimiter = + > inet_interfaces = localhost > mailbox_command = > default_transport = smtp > relay_transport = smtp > smtp_host_lookup=dns,native > inet_protocols = ipv4 > > /etc/postfix/recipient file: > > u...@domain OK > \...@\* REJECT
the last line is useless. > > So, if I test sending mail using mail command or mutt rules does not > work, but, if I use telnet or nc to connect to localhost on 25/tcp > port rule works. Simple question, WHY? because smtpd_* parameters apply to mail received via SMTP. > > How can I restrict my server to send mail TO u...@domain? > There are many ways... [transports] instead of using smtpd restrictions, you can use transport_maps: u...@domain smtp: * error:recipient address not allowed (note that '*' only works for transport_maps. don't use it in access maps). [smtpd restrictions via a content filter] you can force mail submitted via the sendmail (pickup) interface to go through smtpd by adding -o content_filter=smtp:[127.0.0.1]:25 under the "pickup" service in master.cf. However: - if you do so, you must not use the sendmail command after content filtering. otherwise, you'll get an infinite loop. - mail that will be rejected will cause a bounce. you need to handle this. Instead of "reject", you could use HOLD to put mail on hold (and remove it manually using the postsuper command), or you can > NOTES: > This server only accept mails from localhost > This server send mails to a load balancer [lbsmtp] > > thanks in advance >