How to create restriction classes

Sep 5, 2022
Hi all!
I want to make a restriction on several e-mail addresses for sending only to internal domains (all other addresses are unlimited).
I found this instruction:
http://www.postfix.org/RESTRICTION_CLASS_README.html
And changed the configuration file /etc/pmg/templates/main.cf.in
Code:
smtpd_restriction_classes = internal_only
internal_only =
        check_recipient_access  hash:/etc/postfix/internal_only, reject

smtpd_sender_restrictions =      
        check_sender_access     hash:/etc/postfix/senderaccess
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientaccess
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_sender_access     hash:/etc/postfix/restricted_senders
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/postfix/senderaccess[% END %]
[%- IF postfix.usepolicy %] check_client_access  cidr:/etc/postfix/clientaccess[% END %]
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]
But it doesn't work.

/etc/postfix/internal_only
Code:
domain.com        OK
domain2.com        OK

/etc/postfix/restricted_senders
Code:
email@domain.com        internal_only

email@domain.com can still send mail to external addresses. Please help!
 
On a hunch: depending on which port email@domain.com is relaying mail, you might need to adapt master.cf.in also (the internal port has different settings for smtpd_*_restrictions).

I hope this helps!

Alternatively, you could maybe also implement this in the rule system (with an outbound rule with email@domain.com as from object and domain.com, domain2.com as to object and accept as action, and one more rule with the same from object, no to objects and block/quarantine as action).

If both do not work for you, start the postfix processes in verbose mode to get more information:
https://www.postfix.org/DEBUG_README.html#verbose

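Added example (not part of the thread and not Proxmox's own code), following up on the reply's hunch about master.cf.in: a small Python check that lists which smtpd services carry `-o smtpd_*_restrictions` overrides and which of those never consult a given lookup table. The sample master.cf text is constructed, the function names are hypothetical, and only the plain `-o name=value` form is parsed.

```python
import shlex

# Constructed sample in master.cf syntax (not PMG's actual template): two smtpd
# listeners, one of which overrides the restriction lists set in main.cf.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
25        inet  n       -       -       -       -       smtpd
  -o content_filter=scan:127.0.0.1:10024
26        inet  n       -       -       -       -       smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
  -o smtpd_helo_restrictions=
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def restriction_overrides(text):
    """Map 'service/type' -> {param: value} for each -o smtpd_*_restrictions."""
    found = {}
    for line in logical_lines(text):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[7] != "smtpd":
            continue  # not an smtpd service entry
        args = fields[8:]
        for flag, setting in zip(args, args[1:]):
            name, sep, value = setting.partition("=")
            is_restriction = name.startswith("smtpd_") and name.endswith("_restrictions")
            if flag == "-o" and sep and is_restriction:
                found.setdefault(f"{fields[0]}/{fields[1]}", {})[name] = value
    return found


def services_skipping(text, lookup):
    """Services whose overridden smtpd_recipient_restrictions never mention `lookup`."""
    overrides = restriction_overrides(text)
    # Services without an override inherit main.cf, so they are not reported.
    return sorted(svc for svc, params in overrides.items()
                  if lookup not in params.get("smtpd_recipient_restrictions", lookup))
```

A service reported by `services_skipping(text, "restricted_senders")` replaces the main.cf recipient restrictions with its own list, so the restriction class mapping is never evaluated for mail arriving on that port. On a live system, `postconf -P` prints the same per-service overrides.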