From: Noel Jones on
On 4/5/2010 2:48 PM, Dan Farrell wrote:
> Hi List! Hail, Postfix Gurus!
>
> I'm having problems using smtpd_recipient_restrictions with
> check_recipient_access.
>
> My goal is to send mail from this machine only to email addresses I
> specify. All other mail should be rejected, including mail from
> localhost. (It's a development server used for testing websites,
> and some of those websites have bulk mailing features so it's
> important only developers and admins get the email). The machine only
> delivers mail from local sources and needn't receive any mail at all.
>
> I've managed to configure postfix to reject mail that I try to send
> from the local machine with telnet[1]:
>
> However PHP's mail() function still sends. I think php's mail() uses
> sendmail; I noticed that I can also send to unauthorized recipients
> with postfix's sendmail program[2].
>
> My question is this: how do I reject recipients when I send mail
> through postfix's sendmail, or through PHP?
>
> I've attached main.cf and relay_recipients as well. I'm trying to use
> relay_recipients as an access table for check_recipient_access as well
> as the relay_recipients table. Is that OK?
>
> It seems as though my telnet connections are triggering
> reject_unauth_destination, because of the failed lookup in
> relay_domains and/or relay_recipient_maps. Perhaps these lookups don't
> apply in the case of sendmail submissions, which are "even more local"
> than localhost:25 connections?
>
> I am clearly missing the magic words that impose recipient restrictions
> on sendmail submissions just as my current config does for localhost:25
> submissions. I thought check_recipient_access seemed perfect, but its
> inclusion in smtpd_recipient_restrictions seems to have had no effect.
>
> Thank you very much for your help. I truly appreciate it.
>
> Exhibits:
>
> [1] telnet transcript
>
> [root(a)dev ~]# telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 dev.srv.inetglobal.com ESMTP Postfix (2.6.5)
> helo localhost
> 250 dev.srv.inetglobal.com
> mail from: dan(a)localhost
> 250 2.1.0 Ok
> rcpt to: dan(a)spore.ath.cx
> 554 5.7.1<dan(a)spore.ath.cx>: Relay access denied
> rcpt to: dan(a)danf.us
> 550 5.1.1<dan(a)danf.us>: Recipient address rejected: User unknown in
> relay recipient table
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
>
> [2] sendmail transcript
>
> [root(a)dev ~]# sendmail dan(a)danf.us
> Hi Dan!
> .
> <the mail can be found in dan(a)danf.us inbox>


Perhaps surprisingly, postfix smtpd_*_restrictions only apply
to mail submitted via SMTP. The sendmail(1) command does not
submit mail via SMTP.

One way to limit delivery for testing is to set
"default_transport = error:" and then list valid recipients in
transport_maps pointing to the smtp: or local: transport as
appropriate.

-- Noel Jones
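
The setup described in the reply above, written out as an added example (not part of the original message or of the poster's attached main.cf). The file path, the bounce text and the recipient addresses are constructed placeholders; transport selection happens after queueing, so it also covers mail submitted with sendmail(1) or PHP's mail().

```conf
# ---- /etc/postfix/main.cf (additions) ----
# Any remote recipient without a transport_maps entry is handed to the
# error(8) transport, which bounces the message with this text instead
# of delivering it. Status code and wording are placeholders.
default_transport = error:5.7.1 delivery disabled on this test host

# Per-recipient exceptions. The path is an assumption.
transport_maps = hash:/etc/postfix/transport

# Caveat: default_transport only covers destinations that are not local,
# virtual or relay domains. Those classes use local_transport,
# virtual_transport and relay_transport unless transport_maps overrides
# them for a given address.

# ---- /etc/postfix/transport ----
# Full addresses are valid lookup keys. "smtp:" with an empty next hop
# means ordinary SMTP delivery to the recipient's own domain.
dev1@example.com      smtp:
admin@example.net     smtp:
# A local mailbox that should keep receiving mail would be listed as:
# root@dev.example.org  local:

# ---- after editing ----
# Rebuild the lookup table and reload Postfix:
#   postmap /etc/postfix/transport
#   postfix reload
# Check the table by querying a listed and an unlisted address:
#   postmap -q dev1@example.com  hash:/etc/postfix/transport
#   postmap -q other@example.com hash:/etc/postfix/transport
```

Mail to an unlisted address is still accepted into the queue and then bounced to the envelope sender, so the test applications will see non-delivery reports rather than a rejection at submission time.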