How to restrict domain in postfix ?
J. Bakshi
My postfix server is running on a internal test server and we use the
mail server to test the different services which has mail sending
capabilities. I like to tweak the postfix so that it only and only send
emails to a specific domain and not anywhere else. Is it possible to
implement in postfix ? Please let me know.
Thanks
--
জয়দীপ বক্সী
Sahil Tandon
> My postfix server is running on a internal test server and we use the
> mail server to test the different services which has mail sending
> capabilities. I like to tweak the postfix so that it only and only
> send emails to a specific domain and not anywhere else. Is it possible
> to implement in postfix?
Yes: http://www.postfix.org/access.5.html
--
Sahil Tandon <sa...@tandon.net>
J. Bakshi
Hello Sahil,
Thanks to point it out :-) I am looking into it. Is there any other
option so that I can only define the domain name with the proper keyword
in main.cf and postfix send mails to only that domain ?
thanks
Eero Volotinen
> Thanks to point it out :-) I am looking into it. Is there any other
> option so that I can only define the domain name with the proper keyword
> in main.cf and postfix send mails to only that domain ?
Err.. why? I think access is nicest way to do it.
--
Eero
J. Bakshi
Could you kindly give me an example to restrict the domain with access ?
Thanks
Eero Volotinen
How about following:
access.pcre:
/^DOMAIN\.NET$/ OK
/./ REJECT
And then you can use it on various places in main.cf:
(pcre:/etc/postfix/access.pcre)
--
Eero
Eero Volotinen
> Could you please enlighten me what is missing here ?
>
Yes, you didn't follow my example. How about replacing DOMAIN\.NET with
your domain without deleting /./ REJECT line. It's also pcre, not hash
table.
Please post questions also to mailinglist, since I am your personal
helpdesk.
--
Eero
Eero Volotinen
> Please post questions also to mailinglist, since I am your personal
> helpdesk.
Not personal helpdesk, sorry.
--
Eero
J. Bakshi
> J. Bakshi wrote:
>> Eero Volotinen wrote:
>>> J. Bakshi wrote:
>>>
>>>> Thanks to point it out :-) I am looking into it. Is there any other
>>>> option so that I can only define the domain name with the proper
>>>> keyword
>>>> in main.cf and postfix send mails to only that domain ?
>>> Err.. why? I think access is nicest way to do it.
>>
>> Could you kindly give me an example to restrict the domain with access ?
>
> How about following:
>
> access.pcre:
>
> /^DOMAIN\.NET$/ OK
> /./ REJECT
>
>
> And then you can use it on various places in main.cf:
> (pcre:/etc/postfix/access.pcre)
>
>
>
> --
> Eero
>
Thanks for the example. I am telling you what I have already done here.
1# create the acl file
/etc/postfix/send_domain_restriction
=============================
mydomain.com OK
#2 configure mail.cf
smtpd_recipient_restrictions = hash:/etc/postfix/send_domain_restriction
#3. create the db and restart postfix
=============================
postmap /etc/postfix/send_domain_restriction
restart /etc/init.d/postfix
But still I am able send email to other domains :-( It should be
restricted to <mydomain.com>
Could you please enlighten me what is missing here ?
thanks
J. Bakshi
> J. Bakshi wrote:
>> Eero Volotinen wrote:
>>> J. Bakshi wrote:
>>>
>>>> Thanks to point it out :-) I am looking into it. Is there any other
>>>> option so that I can only define the domain name with the proper
>>>> keyword
>>>> in main.cf and postfix send mails to only that domain ?
>>> Err.. why? I think access is nicest way to do it.
>>
>> Could you kindly give me an example to restrict the domain with access ?
>
> How about following:
>
> access.pcre:
>
> /^DOMAIN\.NET$/ OK
> /./ REJECT
>
>
> And then you can use it on various places in main.cf:
> (pcre:/etc/postfix/access.pcre)
>
>
>
> --
> Eero
>
I am afraid to say but no luck yet :-(
I have already installed "postfix-pcre" and created the access.pcre
accordingky the above pattern. main.cf has
` ` ` `
smtpd_recipient_restrictions = check_recipient_access
pcre:/etc/postfix/access.pcre, reject
` ` ` `
Eero Volotinen
> smtpd_recipient_restrictions = check_recipient_access
> pcre:/etc/postfix/access.pcre, reject
see also:
http://www.postfix.org/postconf.5.html#smtpd_client_restrictions
I think smtpd_recipient_restrictions applies only server to server
connections.
--
Eero
Magnus Bäck
> J. Bakshi wrote:
>
> > Could you kindly give me an example to restrict the domain with access ?
>
> How about following:
>
> access.pcre:
>
> /^DOMAIN\.NET$/ OK
> /./ REJECT
No, this is wrong. As per the documentation, partial lookup keys aren't
used with regexp/pcre maps, only the full recipient address.
/@example\.com$/ OK
/./ REJECT
But you could just as well list "reject" in smtpd_xxx_restrictions, after
the check_recipient_access restriction.
--
Magnus B�ck
mag...@dsek.lth.se
Magnus Bäck
What's "server to server" supposed to mean? smtpd_recipient_restrictions
is fine here.
J. Bakshi
Hello Magnus,
Thanks for your hints. I am also searching for a simple solution which
just start working from main.cf . I like my postfix to send email to a
very specific domain only; just say gmail.com so if you try to send a
mail to both gmail.com and yahoo.in then the mail will be successfully
sent to gmail account only. Unfortunately nothing of my previous
experiments are successful :-(
Thanks
Noel Jones
>
> Thanks for your hints. I am also searching for a simple solution which
> just start working from main.cf . I like my postfix to send email to a
> very specific domain only; just say gmail.com so if you try to send a
> mail to both gmail.com and yahoo.in then the mail will be successfully
> sent to gmail account only. Unfortunately nothing of my previous
> experiments are successful :-(
You have not sufficiently defined for us what you want postfix
to do. The solution will probably involve more than just
setting some flag in main.cf, but we don't really understand
the problem yet.
You keep getting conflicting answers because everyone is
solving a different problem for you. The answers you need are
likely listed in the docs
http://www.postfix.org/documentation.html
and we will happily guide you to the correct section once we
have an idea of what you're looking for.
How does this mail enter postfix? SMTP? The sendmail(1) command?
What should postfix do with mail addressed to the wrong
domain? Reject it? Force delivery to the proper domain?
Discard it?
If you try something and don't get the results you expected,
you need to show the configuration you tried, what you
expected to happen, and postfix logging of what actually
occurred. Reporting "it didn't work" just wastes time, both
ours and yours.
Before you answer, please read:
http://www.postfix.org/DEBUG_README.html#mail
-- Noel Jones
J. Bakshi
Hello Noel,
I really don't know why you fell so; but I have come here to solve the
issue with the mastery knowledge you all have. And I really have no
intension to create any conflict, I have already discussed what I am
trying to achieve and here it is once more
` ` ` `
I like my postfix server to send email not to all domains but a very specific domain only; just say gmail.com so if you try to send emails from this very server to both gmail.com and yahoo.in then the mail will be successfully delivered to gmail account only and not to yahoo account.
` ` ` `
I don't know if postfix can do so or not and I like to know it. If
postfix can do it then I am also eager to know the configuration.
J. Bakshi
More precisely, if the outgoing mails are not for a specific domain,
postfix will block those mails as well as delete it from queue.
Sahil Tandon
> Noel Jones wrote:
> > You have not sufficiently defined for us what you want postfix to
> > do. The solution will probably involve more than just setting some
> > flag in main.cf, but we don't really understand the problem yet.
> >
> > You keep getting conflicting answers because everyone is solving a
> > different problem for you. The answers you need are likely listed
> > in the docs http://www.postfix.org/documentation.html and we will
> > happily guide you to the correct section once we have an idea of
> > what you're looking for.
> >
> > How does this mail enter postfix? SMTP? The sendmail(1) command?
> >
> > What should postfix do with mail addressed to the wrong domain?
> > Reject it? Force delivery to the proper domain? Discard it?
> >
> > If you try something and don't get the results you expected, you
> > need to show the configuration you tried, what you expected to
> > happen, and postfix logging of what actually occurred. Reporting
> > "it didn't work" just wastes time, both ours and yours.
> >
> > Before you answer, please read:
> > http://www.postfix.org/DEBUG_README.html#mail
>
> issue with the mastery knowledge you all have. And I really have no
> intension to create any conflict, I have already discussed what I am
> trying to achieve and here it is once more
You have already been directed to relevant sections of the
documentation. And you have repeatedly ignored requests for more
information.
> I like my postfix server to send email not to all domains but a very
> specific domain only; just say gmail.com so if you try to send emails
> from this very server to both gmail.com and yahoo.in then the mail
> will be successfully delivered to gmail account only and not to yahoo
> account.
>
> I don't know if postfix can do so or not and I like to know it. If
> postfix can do it then I am also eager to know the configuration.
Postfix can do it; one way is to use transport(5) maps. Untested
example:
# main.cf
transport_maps = cdb:/usr/local/etc/postfix/foo.map
# foo.map
gmail.com :
* error:mail to this destination is prohibited
--
Sahil Tandon <sa...@tandon.net>
J. Bakshi
Hello Sahil,
Thanks for your response. I have not ignored any suggestions so far
because I have come here to get suggestions. If I was not able to
clarify properly then I am sorry but I discussed what I am trying to
achieve. I am very grateful to you as your suggestion is working here.
Now the postfix reports for non-allowed domain as
` ` ` `
status=bounced (mail to this destination is prohibited)
` ` ` `
Thanks to all of you.