On Wed, Jul 20, 2016 at 12:09:24PM +0200, Marek Salwerowicz wrote:
> I have disabled globally DSN in my main.cf:
> smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/dsn_access
>
> /etc/postfix/dsn_access:
>
> # block folllowing
> 0.0.0.0/0 silent-discard, dsn
> ::/0 silent-discard, dsn
>
> Would it be possible to allow "outgoing" DSN only for my
> (sasl-authenticated) users?
It is if your users' submission is completely separate from MX
("incoming") mail.
main.cf:
smtpd_discard_ehlo_keyword_address_maps =
cidr:/etc/postfix/dsn_access
smtpd_relay_restrictions = reject_unauth_destination
mua_relay_restrictions = permit_sasl_authenticated,
reject
master.cf:
submission inet n - n - - smtpd
-o smtpd_discard_ehlo_keyword_address_maps=
-o smtpd_relay_restrictions=$mua_relay_restrictions
-o smtpd_recipient_restrictions=
... (the other option overrides as you probably already have)
Thus users will be unable to submit mail on port 25 except for mail
to your other users.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
