No Postfix, como não permitir que um usuário local envie e-mails, digamos [email protected], para qualquer lugar?
Eu escrevi um arquivo sender_access com as seguintes linhas
# cat sender_access
joe REJECT
[email protected] REJECT
E carregado como um hash postmap hash:sender_access , adicionei em main.cf a linha
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
e finalmente reiniciei o postfix. Mas o usuário ainda escreve na fila ativa. Talvez haja alguma outra opção de interferência no conf.
Este é o meu postconf -n :
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mydestination = mail.example.com, localhost.neencloud.it, , localhost, mail.example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
Isso faz parte de mail.log :
Aug 12 15:59:09 ne538 postfix/qmgr[31440]: 4601E7AD8EE7: from=<[email protected]>, size=115624, nrcpt=1 (queue active)
Aug 12 15:59:09 ne538 postfix/pickup[16329]: 70E627AD8EE8: uid=1051 from=<joe>
Aug 12 15:59:09 ne538 postfix/cleanup[16320]: 70E627AD8EE8: message-id=<[email protected]>
Aug 12 15:59:09 ne538 postfix/error[16339]: 4601E7AD8EE7: to=<[email protected]>, relay=none, delay=0.45, delays=0.32/0/0/0.13, dsn=4.7.0, status=deferred (delivery temporarily suspended: host mta5.am0.yahoodns.net[63.250.192.45] refused to talk to me: 421 4.7.0 [TS01] Messages from 85.159.145.207 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 12 15:59:09 ne538 postfix/qmgr[31440]: 70E627AD8EE8: from=<[email protected]>, size=115630, nrcpt=1 (queue active)
Aug 12 15:59:09 ne538 postfix/pickup[16329]: 91B8A7AD8EE9: uid=1051 from=<joe>
Aug 12 15:59:09 ne538 postfix/cleanup[16210]: 91B8A7AD8EE9: message-id=<[email protected]>
Aug 12 15:59:09 ne538 postfix/smtp[7647]: 73BCC7AD8EE0: host mta6.am0.yahoodns.net[98.138.112.35] refused to talk to me: 421 4.7.0 [TS01] Messages from 85.159.145.207 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Aug 12 15:59:09 ne538 postfix/error[16335]: 70E627AD8EE8: to=<[email protected]>, relay=none, delay=0.52, delays=0.3/0/0/0.22, dsn=4.7.0, status=deferred (delivery temporarily suspended: host mta5.am0.yahoodns.net[63.250.192.45] refused to talk to me: 421 4.7.0 [TS01] Messages from 85.159.145.207 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html)
Aug 12 15:59:09 ne538 postfix/qmgr[31440]: 91B8A7AD8EE9: from=<[email protected]>, size=115625, nrcpt=1 (queue active)
Aug 12 15:59:09 ne538 postfix/pickup[16329]: C6C807AD8EEA: uid=1051 from=<joe>
Aug 12 15:59:09 ne538 postfix/cleanup[16320]: C6C807AD8EEA: message-id=<[email protected]>
Aug 12 15:59:09 ne538 postfix/smtp[7647]: 73BCC7AD8EE0: host mta5.am0.yahoodns.net[66.196.118.37] refused to talk to me: 421 4.7.0 [TS01] Messages from 85.159.145.207 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
Se você quiser permitir que determinados usuários acessem o envio de e-mails locais, o parâmetro que você precisa usar é authorized_submit_users , o único problema é que é uma lista de permissões, esperamos que você não tenha muitos usuários locais que precisam enviar e-mails. Se você tiver o postfix 2.4+, poderá usar um formato como este: authorized_submit_users = !joe, static:all
que é joe não, todo mundo sim.
Acredito que este artigo fornecerá as informações necessárias: link
Tags postfix