Created
January 22, 2015 13:54
Postfix - limiting destination domains by sending user
The various runes for limiting senders to specific domains in Postfix. This was done to prevent accidental information disclosure from an MTA shared between monitoring (send to Internet) and application (send to internal addresses only).

The result of the config is that users in the pingu_mail class (checked against the pingu_domains map) can only send mail to penguinanddaemon.com, and users in the internet class can send mail everywhere apart from penguinanddaemon.com. Don't forget to run postmap on the mapping files.

# Postfix main.cf excerpt. Continuation lines must begin with whitespace.
# check_sender_access runs first and hands each listed sender to a restriction class.
# check_relay_domains is a legacy restriction; the Postfix documentation names
# reject_unauth_destination as its replacement.
smtpd_recipient_restrictions =
    check_sender_access hash:/etc/postfix/restricted_senders,
    permit_mynetworks,
    permit_inet_interfaces,
    check_relay_domains,
    permit_sasl_authenticated

smtpd_restriction_classes = pingu_mail, internet

# pingu_mail: permit recipients listed in pingu_domains, reject everything else.
pingu_mail =
    check_recipient_access hash:/etc/postfix/pingu_domains, reject

# internet: reject recipients listed in pingu_domains_invert, otherwise carry on.
internet =
    check_recipient_access hash:/etc/postfix/pingu_domains_invert

# /etc/postfix/pingu_domains
penguinanddaemon.com OK

# /etc/postfix/pingu_domains_invert
penguinanddaemon.com Reject

# /etc/postfix/restricted_senders
# Sender to restriction class. access(5) matches a full address as user@domain
# and a local part in any domain as user@.
standard_user internet
internal_user pingu_mail
standard_user@cromarty.racksofwin.net internet
internal_user@cromarty.racksofwin.net pingu_mail
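
A way to sanity-check the policy before reloading Postfix: the script below is an added example, not part of the original gist and not Postfix code. It is a simplified model of how the three maps and two restriction classes combine, assuming the default parent_domain_matches_subdomains behaviour and case-insensitive actions; the function names and the test addresses are constructed.

```python
# Simplified model of the gist's access-map policy (added example, not Postfix code).
# Map contents are copied from the gist; everything else is an assumption.
RESTRICTED_SENDERS = {
    "standard_user": "internet",
    "internal_user": "pingu_mail",
    "standard_user@cromarty.racksofwin.net": "internet",
    "internal_user@cromarty.racksofwin.net": "pingu_mail",
}
PINGU_DOMAINS = {"penguinanddaemon.com": "OK"}
PINGU_DOMAINS_INVERT = {"penguinanddaemon.com": "Reject"}

# Each class is an ordered list of steps: a map to consult or a fixed action.
CLASSES = {
    "pingu_mail": [PINGU_DOMAINS, "reject"],
    "internet": [PINGU_DOMAINS_INVERT],
}


def lookup(table, address):
    """Search order modelled on access(5): user@domain, domain, parents, user@."""
    user, _, domain = address.lower().rpartition("@")
    labels = domain.split(".")
    keys = [f"{user}@{domain}"]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(f"{user}@")
    return next((table[k] for k in keys if k in table), None)


def evaluate(sender, recipient):
    """Return 'permit', 'reject', or 'continue' (later restrictions decide)."""
    cls = lookup(RESTRICTED_SENDERS, sender)
    for step in CLASSES.get(cls, []):
        verdict = lookup(step, recipient) if isinstance(step, dict) else step
        verdict = (verdict or "DUNNO").upper()
        if verdict == "OK":
            return "permit"
        if verdict == "REJECT":
            return "reject"
    return "continue"


if __name__ == "__main__":
    host = "cromarty.racksofwin.net"
    for sender in (f"internal_user@{host}", f"standard_user@{host}", f"unlisted@{host}"):
        for rcpt in ("ops@penguinanddaemon.com", "someone@example.org"):
            print(f"{sender:45} -> {rcpt:28} {evaluate(sender, rcpt)}")
```

A sender that is absent from restricted_senders gets no class and falls through to the remaining restrictions, so the policy only holds for envelope senders that are listed in that map.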