Re: Restrict outgoing/submission to defined local or virtual users
Matus: why just outgoing? Are you willing to accept spam with fake from in your domain? On 07.09.17 15:13, Scott Techlist wrote: I am not willing. Inbound is already restricted and functioning properly. That said, I migrated my configs from an older version of PF so now you made me worry about *how* it is restricted. I have set at postfix level for local, virtual and relay users: local_recipient_maps = hash:/etc/postfix/local_recipient virtual_alias_maps = hash:/etc/postfix/virtual_users relay_recipient_maps = hash:/etc/postfix/relay_recipients If the email isn't in one of those, it is rejected. I *thought* it was those settings that are causing/accomplishing the inbound invalid address restricting. No? Fuzzy on this detail. I will deploy reject_unlisted_sender for outbound checking. I gather it will also consult local, virtual, and relay maps for what is "listed"? I believe you must configure reject_unlisted_sender everywhere in order to check sender address if it exists. That's why I recommended you to do it (and put it before all permit_* options). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
RE: Restrict outgoing/submission to defined local or virtual users
Matus: >why just outgoing? Are you willing to accept spam with fake from in your >domain? I am not willing. Inbound is already restricted and functioning properly. That said, I migrated my configs from an older version of PF so now you made me worry about *how* it is restricted. I have set at postfix level for local, virtual and relay users: local_recipient_maps = hash:/etc/postfix/local_recipient virtual_alias_maps = hash:/etc/postfix/virtual_users relay_recipient_maps = hash:/etc/postfix/relay_recipients If the email isn't in one of those, it is rejected. I *thought* it was those settings that are causing/accomplishing the inbound invalid address restricting. No? Fuzzy on this detail. I will deploy reject_unlisted_sender for outbound checking. I gather it will also consult local, virtual, and relay maps for what is "listed"? Thanks.
Re: Restrict outgoing/submission to defined local or virtual users
On 9/5/2017 2:48 PM, techlist06 wrote: Is it possible to restrict outgoing mail to be from one of my "valid" local or virtual aliases? And I want to restrict outbound from one address in particular. On 05.09.17 15:25, Noel Jones wrote: The easiest way would be to add -o smtpd_sender_restrictions=reject_unlisted_sender http://www.postfix.org/postconf.5.html#reject_unlisted_sender why just outgoing? Are you silling to accept spam with fake from in your domain? Simply add reject_unlisted_sender to smtpd_sender_restrictions at postfix level. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. 42.7 percent of all statistics are made up on the spot.
Re: Restrict outgoing/submission to defined local or virtual users
First time I've tried the inline map type. And, I think the spaces may have been what was hosing my earlier attempts. Appreciate the pointer very much. Will give this a go. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Re: Restrict outgoing/submission to defined local or virtual users
On 9/5/2017 3:39 PM, techlist06 wrote: > Just what I was hoping for, the easy button. Thank you. > > What about the one (valid) sender I want to prevent? I've got a IMAP > account setup for spam reporting, I want to be sure no one who has access to > it sends anything from that account. > > > > > > > -- > Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html > Use a check_sender_access map to reject that one sender. You can't use spaces in master.cf, so do something like: main.cf: submission_sender_restrictions = reject_unlisted_sender, check_sender_access inline:{ s...@example.com=REJECT } master.cf: ... submission ... -o smtpd_sender_restrictions=$submission_sender_restrictions My example uses the inline: map type, which is great for simple tables with few elements, but any postfix map type may be used. http://www.postfix.org/DATABASE_README.html#types -- Noel Jones
Re: Restrict outgoing/submission to defined local or virtual users
Just what I was hoping for, the easy button. Thank you. What about the one (valid) sender I want to prevent? I've got a IMAP account setup for spam reporting, I want to be sure no one who has access to it sends anything from that account. -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Re: Restrict outgoing/submission to defined local or virtual users
On 9/5/2017 2:48 PM, techlist06 wrote: > Postfix 3.2.2, Centos7. All functioning as configured. I have a few local > accounts, several virtual addresses delivered to those accounts, and some > domains relayed, the latter do not submit mail through this box. > > All local accounts send via TLS authentication on 587. Currently I don't > think I have any restrictions on what an outbound address can be. I do have > some aliases so I do not want to restrict to logon names only. > > Is it possible to restrict outgoing mail to be from one of my "valid" local > or virtual aliases? And I want to restrict outbound from one address in > particular. > > I looked here: > http://www.postfix.org/RESTRICTION_CLASS_README.html > but if the answer is there I'd be grateful for some more help, I didn't get > it. On or off-list. > > Right now my submission section of master.cf I sbelow. I tried adding > something here as -o o smtpd_sender_restrictions but didn't get that right. > > submission inetn - n - - smtpd > ## subsequent indented lines override main.cf settings. > -o content_filter= > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject > -o smtpd_sasl_type=dovecot > -o smtpd_sasl_path=private/auth > -o smtpd_sasl_security_options=noanonymous > -o smtpd_tls_security_level=encrypt > -o smtpd_sasl_auth_enable=yes > -o syslog_name=postfix-submission > -o milter_macro_daemon_name=ORIGINATING > > Happy to provide all the configs if needed. > > > The easiest way would be to add -o smtpd_sender_restrictions=reject_unlisted_sender http://www.postfix.org/postconf.5.html#reject_unlisted_sender -- Noel Jones