Re: smtpd_recipient_restrictions = check_recipient_access & sendmail
On Mon, 05 Apr 2010 15:01:24 -0500
Noel Jones <njones@...> wrote:
> On 4/5/2010 2:48 PM, Dan Farrell wrote:
Thank you Noel,
> > Hi List! Hail, Postfix Gurus!
> > I'm having problems using smtpd_recipient_restrictions with
> > check_recipient_access.
> > My goal is to send mail from this machine only to email addresses I
> > specify. All other mail should be rejected, including mail from
> > localhost. (It's a development server used for testing websites,
> > and some of those websites have bulk mailing features so it's
> > important only developers and admins get the email). The machine
> > only delivers mail from local sources and needn't receive any mail
> > at all.
> > I've managed to configure postfix to reject mail that I try to send
> > from the local machine with telnet:
> > However PHP's mail() function still sends. I think php's mail()
> > uses sendmail; I noticed that I can also send to unauthorized
> > recipients with postfix's sendmail program.
> > My question is this: how do I reject recipients when I send mail
> > through postfix's sendmail, or through PHP?
> > I've attached main.cf and relay_recipients as well. I'm trying to
> > use relay_recipients as an access table for check_recipient_access
> > as well as the relay_recipients table. Is that OK?
> > It seems as though my telnet connections are triggering
> > reject_unauth_destination, because of the failed lookup in
> > relay_domains and/or relay_recipient_maps. Perhaps these lookups
> > don't apply in the case of sendmail submissions, which are "even
> > more local" than localhost:25 connections?
> > I am clearly missing the magic words that impose recipient
> > restrictions on sendmail submissions just as my current config does
> > for localhost:25 submissions. I thought check_recipient_access
> > seemed perfect, but its inclusion in smtpd_recipient_restrictions
> > seems to have had no effect.
> > Thank you very much for your help. I truly appreciate it.
> > Exhibits:
> >  telnet transcript
> > [root@dev ~]# telnet localhost 25
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > 220 dev.srv.inetglobal.com ESMTP Postfix (2.6.5)
> > helo localhost
> > 250 dev.srv.inetglobal.com
> > mail from: dan@localhost
> > 250 2.1.0 Ok
> > rcpt to: dan@...
> > 554 5.7.1 <dan@...>: Relay access denied
> > rcpt to: dan@...
> > 550 5.1.1 <dan@...>: Recipient address rejected: User unknown in
> > relay recipient table
> > quit
> > 221 2.0.0 Bye
> > Connection closed by foreign host.
> >  sendmail transcript
> > [root@dev ~]# sendmail dan@...
> > Hi Dan!
> > .
> > <the mail can be found in dan@... inbox>
> Perhaps surprisingly, postfix smtpd_*_restrictions only apply
> to mail submitted via SMTP. The sendmail(1) command does not
> submit mail via SMTP.
> One way to limit delivery for testing is to set
> "default_transport = error:" and then list valid recipients in
> transport_maps pointing to the smtp: or local: transport as
> -- Noel Jones
I was afraid of that. I guess it makes sense. So, if I actually sent
mail through a separate postfix relay, my configuration would work
perfectly, but since submission is done via sendmail and therefore
submitted directly to postdrop, the smtpd restrictions don't apply.
I will do as you suggest. Anyone else have suggestions for blocking
most email in this situation?
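
A sketch of the transport-based allowlist suggested above, added here as an example and not taken from any message in this thread. The file path /etc/postfix/transport, the hash: map type, the error text and the example.com addresses are all assumptions chosen for illustration.

```conf
# --- /etc/postfix/main.cf (fragment) ---
# Transport selection happens after the message is queued, so it applies
# to mail submitted with sendmail(1)/postdrop as well as mail received
# by smtpd. smtpd_*_restrictions only see the SMTP path.

# Anything without a more specific transport is bounced by error(8);
# the text after "error:" becomes the non-delivery reason.
default_transport = error:recipient not permitted on this test host

# Per-recipient exceptions are looked up here first (path is an assumption).
transport_maps = hash:/etc/postfix/transport

# Caveat: default_transport is only the fallback for non-local destinations.
# Addresses in $mydestination still go to local_transport unless the
# transport table says otherwise.

# --- /etc/postfix/transport ---
# Full user@domain keys are matched before domain keys, so only these
# constructed sample addresses are handed to the smtp transport.
dev1@example.com     smtp:
admin@example.com    smtp:

# --- activate and check (run as root) ---
#   postmap /etc/postfix/transport
#   postfix reload
#   postmap -q dev1@example.com hash:/etc/postfix/transport     (prints "smtp:")
#   postmap -q someone@example.net hash:/etc/postfix/transport  (prints nothing)
```

After the reload, a message handed to sendmail(1) for an unlisted remote recipient is accepted into the queue and then bounced to the sender with the error text, rather than being refused at submission time.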