On 4 Jul 2016, at 7:10, mmgomess wrote:
Bill, sorry if I'm being inconvenient, but my knowledge of Postfix is
very
basic.
I understand but I do not know how to do. Could you explain better how
I do
it?
Thank you
Marcelo
P.S. Yes, I offer a submission (port 587) service.
This makes it simpler. You have not posted enough details about your
configuration for me to give you a certain precise answer, but I'll try
as best I can. see the last section of the Postfix "DEBUG_README" file
regarding how to get help here most effectively.
Assuming that your postfix config directory is /etc/postfix/ and that
all of your users are able to use port 587 submission:
1. Add this line to main.cf if it is not already there:
smtpd_sasl_auth_enable = no
2. If you do not already have a "check_sender_access" clause in one of
the restriction lists (e.g. smtpd_sender_restrictions) in main.cf, add
one like this BEFORE any permit* clause in the list:
check_sender_access pcre:/etc/postfix/badsenders
And in /etc/postfix/badsenders, a line like this (using your real domain
in the left side):
/yourdomain\.example\.com$/ 550 5.7.1 Local users must use port 587
authenticated submission
NOTE: if you already have a "check_sender_access" clause that does not
follow a permit* clause, you can instead add that line (or the
equivalent in the proper syntax for hash or other table types) to the
existing map file and run 'postmap' on the map file if it is a type that
requires postmap.
3. In master.cf you have a set of lines defining your submission service
that looks something like this:
submission inet n - n - - smtpd
-o syslog_name=postfix/submit
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
That is actually a single logical line, with the trailing indented lines
defining option arguments to the smtpd program which differ from the
configuration in main.cf. You should add a line like this:
-o header_checks=pcre:/etc/postfix/header_checks
And in /etc/postfix/header_checks:
/^To: [^@]*@[^@]*@[^@]*@[^@]*@[^@]*@/ 550 5.7.1 To: headers are limited
to 4 addresses
If you don't have pcre map support, both of the examples I've given
above would work in regexp maps also. Keep in mind that header
restrictions CANNOT restrict the number of actual recipients of a
message, since that is a function of the number of SMTP RCPT commands
are accepted for the message, which is done before the DATA command that
initiates sending the message headers and body. Also, if you really want
to limit To: headers you may also want to limit Cc: headers. Thee is no
way to limit the combined content of To: and Cc: in Postfix itself,
since header_checks operates on one header line at a time and does not
remember anything about previous lines. To do multi-header checks you
would need to use a more sophisticated filtering tool like SpamAssassin.
