Postfix restrict recipients
Solution 1
A check_mumble_access table will never return a default value of REJECT; the fallthrough default is always DUNNO, meaning it will check the rest of the restrictions.
You also don't want to return OK for all domains you wish to allow, since that does not check the rest of the restrictions.
You should set up submission on port 587 with SASL and TLS to submit mail to the postfix machine; this dedicated listener can then allow traffic only to the one domain.
Failing that, you will have to create a restriction_class for it, so that the permit_checks are dependent on the recipient (domain) AND the sender(domain).
This is a non-trivial excercise.
Solution 2
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/protected_destinations
...the usual stuff...
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
/etc/postfix/protected_destinations:
[email protected] insiders_only
[email protected] insiders_only
/etc/postfix/insiders:
my.domain OK matches my.domain and subdomains
another.domain OK matches another.domain and subdomains
taken from here: http://vicky2183.wordpress.com/2010/07/09/postfix-per-recipient-sender-restrictions/
I used such a setup few years ago. I restricted local recipients to send and also receive emails only from allowed destinations.
Related videos on Youtube
Eleven-Two
Updated on September 18, 2022Comments
-
Eleven-Two almost 2 years
how can I configure postfix to allow sending to a certain (external) domain only?
I'm already using check_recipient_access. Content of my /etc/postfix/recipients_restrictions:
domain.com OK
My (current) configuration:
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/recipients_restrictions, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, reject
I have already tried to switch permit_mynetworks and check_recipient_access. If I create an entry like "baddomain.com REJECT" in recipients_restrictions file, it works fine. I found out, there is no way to create a wildcard for "Reject" in this file (please correct me, if I'm wrong).
I want this server to send to addresses for few domains only and restrict it from sending any mails to any other domain as a matter of security.