Restricting Intra-Office Receiving

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Restricting Intra-Office Receiving

asai
Greetings,

I've worked out how to restrict intra-office sending from a user to a
user, but I'm a bit stumped on how to restrict intra-office receiving;
restricting from who a user can receive mail.

This is what I have at this point:

smtpd_recipient_restrictions =  permit_sasl_authenticated,
         reject_invalid_hostname,
         reject_unknown_reverse_client_hostname,
         reject_non_fqdn_sender,
         reject_non_fqdn_recipient,
         reject_unknown_sender_domain,
         reject_unauth_destination,
         check_recipient_access
mysql:/etc/postfix/mysql_restricted_recipients.cf

Can someone point me in the right direction?

Thanks.

--
--Asai

Reply | Threaded
Open this post in threaded view
|

Re: Restricting Intra-Office Receiving

asai
I think I got it:

smtpd_relay_restrictions = permit_mynetworks,
         check_recipient_access
mysql:/etc/postfix/mysql_restricted_recipients.cf,
         permit_sasl_authenticated,
         defer_unauth_destination

I moved check_recipient_access from smtpd_recipient_restrictions to
smtpd_relay_restrictions, and it seems to work.  Does anyone see a
problem with this?

--Asai

On 6/25/14 8:51 AM, Asai wrote:

> Greetings,
>
> I've worked out how to restrict intra-office sending from a user to a
> user, but I'm a bit stumped on how to restrict intra-office receiving;
> restricting from who a user can receive mail.
>
> This is what I have at this point:
>
> smtpd_recipient_restrictions =  permit_sasl_authenticated,
>         reject_invalid_hostname,
>         reject_unknown_reverse_client_hostname,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_unknown_sender_domain,
>         reject_unauth_destination,
>         check_recipient_access
> mysql:/etc/postfix/mysql_restricted_recipients.cf
>
> Can someone point me in the right direction?
>
> Thanks.
>

Reply | Threaded
Open this post in threaded view
|

Re: Restricting Intra-Office Receiving

Viktor Dukhovni
On Wed, Jun 25, 2014 at 09:46:33AM -0700, Asai wrote:

> I think I got it:
>
> smtpd_relay_restrictions = permit_mynetworks,
>         check_recipient_access
> mysql:/etc/postfix/mysql_restricted_recipients.cf,
>         permit_sasl_authenticated,
>         defer_unauth_destination
>
> I moved check_recipient_access from smtpd_recipient_restrictions to
> smtpd_relay_restrictions, and it seems to work.  Does anyone see a problem
> with this?

Once this is seen to not do anything wrong, change
"defer_unauth_destination" to "reject_unauth_destination".

--
        Viktor.