Loading ...
Sorry, an error occurred while loading the content.

Re: Restriction class limitations

Expand Messages
  • Wietse Venema
    ... You don t have to change sendmail file permissions. Instead, you can specify the legitimate senders with the main.cf authorized_submit_users paramater.
    Message 1 of 7 , May 1, 2008
      Glen Lee Edwards:
      > > I would guess the problem is that your web server submits mail
      > > using the 'sendmail' command rather than through SMTP.
      > > Postfix smtpd_*_restrictions are only effective on mail
      > > submitted via SMTP.
      > Yes, that's correct. Is there a work around? I suppose I could change
      > the ownership of the 'sendmail' command so the webserver can't use it
      > and force everyone to use SMTP.

      You don't have to change sendmail file permissions.

      Instead, you can specify the "legitimate" senders with the main.cf
      authorized_submit_users paramater.


      authorized_submit_users (default: static:anyone)
      List of users who are authorized to submit mail with the sendmail(1)
      command (and with the privileged postdrop(1) helper command).

      By default, all users are allowed to submit mail. Otherwise, the real
      UID of the process is looked up in the system password file, and access
      is granted only if the corresponding login name is on the access list.
      The username "unknown" is used for processes whose real UID is not
      found in the password file. To deny mail submission access to all users
      specify an empty list.

      Specify a list of user names, "/file/name" or "type:table" patterns,
      separated by commas and/or whitespace. The list is matched left to
      right, and the search stops on the first match. A "/file/name" pattern
      is replaced by its contents; a "type:table" lookup table is matched
      when a name matches a lookup key (the lookup result is ignored). Con-
      tinue long lines by starting the next line with whitespace. Specify
      "!pattern" to exclude a user name from the list. The form "!/file/name"
      is supported only in Postfix version 2.4 and later.


      authorized_submit_users = !www, static:all

      This feature is available in Postfix 2.2 and later.
    Your message has been successfully submitted and would be delivered to recipients shortly.