Only accept "MAIL FROM:" one specific domain - REJECT all others

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Only accept "MAIL FROM:" one specific domain - REJECT all others

David Byrne
Hi,

I’m trying to setup an internal postfix mail server for a very specific use for a client. They need to REJECT all mail that is attempted to be sent with a MAIL FROM: value of anything other than an address at “good-domain.com” (for this example). If someone was to MAIL FORM: [hidden email] for example, it should be rejected.

I thought I could do this in a sender access file within smtpd_sender_restrictions, but I’m not having much luck.

File: /etc/postfix/main.cf
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/insiders

File: :/etc/postfix/insiders
*@good-domain.com    OK
*@*.*     REJECT

However when I telnet to the SMTP service, I can MAIL FROM: andy address/domain I want and postfix proceeds. Can anyone suggest where I’m going wrong??

Best Regards,
Dave Byrne
Head of Technical Projects
Office: 01622 524 200
Vinters Business Park | New Cut Road | Maidstone | Kent | ME14 5NZ

VooServers Ltd registered in England and Wales No. 05598156

This communication and any attachments contain information which is confidential and may also be privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any form of disclosure, distribution, copying or use of this communication or the information in it or in any attachments is strictly prohibited and may be unlawful. If you have received this communication in error, please return it with the title 'received in error' to [hidden email] then delete the email and destroy any copies of it. Email communications cannot be guaranteed to be secure or error free, as information could be intercepted, corrupted, amended, lost, destroyed, arrive late or incomplete, or contain viruses. We do not accept liability for any such matters or their consequences. Anyone who communicates with us by email is taken to accept the risks in doing so. Opinions, conclusions and other information in this email and any attachments which do not relate to VooServers are neither given nor endorsed by it.


Reply | Threaded
Open this post in threaded view
|

Re: Only accept "MAIL FROM:" one specific domain - REJECT all others

Viktor Dukhovni


> On May 2, 2018, at 12:20 PM, David Byrne <[hidden email]> wrote:
>
> I thought I could do this in a sender access file within smtpd_sender_restrictions, but I’m not having much luck.
>
> File: /etc/postfix/main.cf
> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/insiders
>
> File: :/etc/postfix/insiders
> *@good-domain.com    OK
> *@*.*     REJECT

THe syntax for access tables is documented at http://www.postfix.org/acess.5.html

Neither of the lookup key formats you're listing in the file are described
as valid forms in the documentation.

Also see:

        http://www.postfix.org/pcre_table.5.html
        http://www.postfix.org/regexp_table.5.html
        http://www.postfix.org/DATABASE_README.html
        http://www.postfix.org/DATABASE_README.html#types
        http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

The simplest approach is:

        # Empty, sub-domains must be matched explicitly
        parent_domain_matches_subdomains =
        smtpd_sender_restrictions =
                check_sender_access ...permit-table...,
                reject

where "permit-table" permits exactly the desired senders,
in accordance with the documented lookup key syntax.

--
        Viktor.