Re: Restriction class limitations
- Glen Lee Edwards:
> > I would guess the problem is that your web server submits mail
> > using the 'sendmail' command rather than through SMTP.
> > Postfix smtpd_*_restrictions are only effective on mail
> > submitted via SMTP.
> Yes, that's correct. Is there a work around? I suppose I could change
> the ownership of the 'sendmail' command so the webserver can't use it
> and force everyone to use SMTP.

You don't have to change sendmail file permissions.
Instead, you can specify the "legitimate" senders with the main.cf
authorized_submit_users (default: static:anyone)
    List of users who are authorized to submit mail with the sendmail(1)
    command (and with the privileged postdrop(1) helper command).

    By default, all users are allowed to submit mail. Otherwise, the real
    UID of the process is looked up in the system password file, and access
    is granted only if the corresponding login name is on the access list.
    The username "unknown" is used for processes whose real UID is not
    found in the password file. To deny mail submission access to all users
    specify an empty list.

    Specify a list of user names, "/file/name" or "type:table" patterns,
    separated by commas and/or whitespace. The list is matched left to
    right, and the search stops on the first match. A "/file/name" pattern
    is replaced by its contents; a "type:table" lookup table is matched
    when a name matches a lookup key (the lookup result is ignored).
    Continue long lines by starting the next line with whitespace. Specify
    "!pattern" to exclude a user name from the list. The form "!/file/name"
    is supported only in Postfix version 2.4 and later.

        authorized_submit_users = !www, static:all

    This feature is available in Postfix 2.2 and later.
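
A simplified model of the list-matching rules quoted above, as an added example that is not part of the original message and is not Postfix's own code. It handles plain names, "!name" and static: tables only; the function names and the login names "alice" and "root" are assumptions made for illustration.

```python
import re


def parse_list(value):
    """Split a main.cf list value on commas and/or whitespace."""
    return [p for p in re.split(r"[,\s]+", value.strip()) if p]


def pattern_matches(pattern, user):
    """True if one pattern (leading '!' already removed) matches the login name."""
    if pattern.startswith("static:"):
        # A static: table answers every lookup key, so it matches every name.
        return True
    if pattern.startswith("/") or ":" in pattern:
        # /file/name and other type:table patterns are outside this model.
        raise ValueError("pattern not handled by this model: " + pattern)
    return pattern == user


def may_submit(value, login_name):
    """Model of the documented rules: left to right, first match decides.

    login_name is None when the real UID is not in the password file;
    the documentation says the name "unknown" is used in that case.
    """
    user = "unknown" if login_name is None else login_name
    for pattern in parse_list(value):
        excluded = pattern.startswith("!")
        if pattern_matches(pattern.lstrip("!"), user):
            return not excluded
    return False  # no match at all, which includes the empty list


if __name__ == "__main__":
    # Constructed settings to compare; only the second one appears on the page.
    settings = [
        "static:anyone",      # the default
        "!www, static:all",   # the example from the message
        "static:all, !www",   # same items reordered: the exclusion is never reached
        "root alice",         # explicit allow list
        "",                   # empty list
    ]
    for value in settings:
        verdicts = {u: may_submit(value, u) for u in ("www", "alice", "root")}
        print(repr(value), verdicts)
```

The reordered setting shows why the exclusion has to come before static:all: the search stops at the first match, so a "!www" placed after a match-all entry has no effect.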