How to create restriction classes

Sep 5, 2022
Hi all!
I want to make a restriction on several e-mail addresses for sending only to internal domains (all other addresses are unlimited).
I found this instruction:
http://www.postfix.org/RESTRICTION_CLASS_README.html
And changed the configuration file /etc/pmg/templates/main.cf.in
Code:
smtpd_restriction_classes = internal_only
internal_only =
        check_recipient_access  hash:/etc/postfix/internal_only, reject

smtpd_sender_restrictions =      
        check_sender_access     hash:/etc/postfix/senderaccess
        permit_mynetworks
        reject_non_fqdn_sender
        check_client_access     cidr:/etc/postfix/clientaccess
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF pmg.mail.rejectunknown %] reject_unknown_client_hostname[% END %]
[%- IF pmg.mail.rejectunknownsender %] reject_unknown_sender_domain[% END %]

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_sender_access     hash:/etc/postfix/restricted_senders
        check_recipient_access  regexp:/etc/postfix/rcptaccess
[%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/postfix/senderaccess[% END %]
[%- IF postfix.usepolicy %] check_client_access  cidr:/etc/postfix/clientaccess[% END %]
[%- IF postfix.usepolicy %] check_policy_service inet:127.0.0.1:10022[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unknown_recipient_domain[% END %]
[%- IF pmg.mail.verifyreceivers %] reject_unverified_recipient[% END %]
But it doesn't work.

/etc/postfix/internal_only
Code:
domain.com        OK
domain2.com        OK

/etc/postfix/restricted_senders
Code:
email@domain.com        internal_only

email@domain.com can still send mail to external addresses. Please help!
 
On a hunch: depending on which port email@domain.com is relaying mail, you might also need to adapt master.cf.in (the internal port has different settings for smtpd_*_restrictions).

I hope this helps!

Alternatively, you could maybe also implement this in the rule system (with an outbound rule with email@domain.com as from object and domain.com, domain2.com as to object and accept as action, and one more rule with the same from object, no to objects and block/quarantine as action).

If both do not work for you, start the postfix processes in verbose mode to get more information:
https://www.postfix.org/DEBUG_README.html#verbose
 
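The reply's point about master.cf, as an added example that is not part of the thread: a per-service `-o` override replaces the main.cf value for that smtpd instance, so this script lists every `smtpd_*_restrictions` override found in a master.cf file. The sample file, its ports 2525/2526 and the function names are constructed for illustration; on a live system `postconf -P` prints the same per-service settings.

```shell
#!/bin/sh
# List per-service "-o smtpd_*_restrictions=..." overrides in a master.cf file.
# A service that carries such an override ignores the main.cf value of that
# parameter, so a restriction class wired into main.cf is never consulted there.
list_restriction_overrides() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[^ \t]/ { svc = $1 "/" $2 }           # service line: name and type
        {
            for (i = 1; i <= NF; i++) {
                opt = ""
                if ($i == "-o" && i < NF) {
                    i++; opt = $i
                    if (opt ~ /^[{]/) {         # "-o { name = value }" form
                        while ($i !~ /[}]$/ && i < NF) { i++; opt = opt " " $i }
                        gsub(/^[{][ ]*|[ ]*[}]$/, "", opt)
                        sub(/[ ]*=[ ]*/, "=", opt)
                    }
                } else if ($i ~ /^-o./) {       # "-oname=value" form
                    opt = substr($i, 3)
                }
                if (opt ~ /^smtpd_[a-z_]*_restrictions=/) print svc, opt
            }
        }
    ' "$1"
}

# Constructed sample (ports and values are made up, not a real PMG master.cf).
write_sample_master_cf() {
    cat > "$1" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
2525      inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/external
2526      inet  n       -       -       -       -       smtpd
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
  -o { smtpd_sender_restrictions = permit_mynetworks, reject }
pickup    unix  n       -       -       60      1       pickup
EOF
}

sample=$(mktemp)
write_sample_master_cf "$sample"
list_restriction_overrides "$sample"    # pass /etc/postfix/master.cf on a real host
rm -f "$sample"
```

Any service listed in the output needs the restriction class lookup added to its own override, because the main.cf list does not apply to it.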