Filter outgoing mail /w Server 10.6.3

Tranziq

I am using the mail server service (dovecot/postfix) in 10.6.3 and my management is now asking me to only allow the users to email certain email hostnames

for instance I only want my clients to be able to email all users at

asdf.com
fsda.com
hlkdjh.com
rt.jhgf.com


and reject sending to all other email addresses

pretty much create a whitelist of email addresses in which my users can send emails to.

any ideas?
 
Should this work?
smtpd_restriction_classes = allowed_only
allowed_only = check_recipient_access hash:/etc/postfix/allowed_domains, reject

if placed in the main.cf with allowed domains in the postfix folder
I postmap'd the allowed_domains file

allowed_domains file is as follows
asdf.com OK
fsda.com OK
hlkdjh.com OK
rt.jhgf.com OK
in theory this should work... right?
 
So I am not sure what I am doing wrong. I have 3 items at the bottom of my config that I am playing with to achieve the blacklist (only able to send to certain addresses, reject all others) and I either get no change or it stops all mail traffic altogether.

All I want to do is allow sending of emails to the allowed_domains list and reject everything else

does anyone see any red flags on things I should change or a better way to accomplish this?

smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
mydomain_fallback = localhost
message_size_limit = 20971520
biff = no
mynetworks = 127.0.0.0/8,17.119.0.0/16,12.178.0.0/16
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
recipient_delimiter = +
virtual_alias_maps =
smtpd_pw_server_security_options = gssapi,cram-md5,login,plain
enable_server_options = yes
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
mailbox_transport = dovecot
inet_interfaces = all
smtpd_tls_cert_file = /etc/certificates/xxxxxxxx.xxxxx.us.LAKSJDHF980A9D8F0ADSGT0AD7G60AG760A7DSGDB9.cert.pem
smtpd_tls_key_file = /etc/certificates/xxxxxxx.xxxxxxx.us.LAKSJDHF980A9D8F0ADSGT0AD7G60AG760A7DSGDB9.key.pem
relayhost =
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
header_checks = pcre:/etc/postfix/custom_header_checks
content_filter = smtp-amavis:[127.0.0.1]:10024
mydomain = xxxxx.xxxxxxx.us
myhostname = xxxxxxxx.us
smtpd_tls_CAfile = /etc/certificates/xxxxx.xxxxx.us.LAKSJDHF980A9D8F0ADSGT0AD7G60AG760A7DSGDB9.chain.pem
local_recipient_maps =
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
maps_rbl_domains =
owner_request_special = no
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
tls_random_source = dev:/dev/urandom

1. smtpd_client_restrictions = check_client_access hash:/etc/postfix/allowed_domains, reject
2. smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/allowed_domains, reject
3. smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/allowed_domains, reject

+++++++++++++++
/etc/postfix/allowed_domains
zxc.zxc.com OK
zxc.com OK
xxxxxxx.us OK
na.asdgghh.com OK
asdfasdf.com OK
127.0.0.1 OK
12.178.xxx.xxx OK
12.178.xxx.xxx OK
170.225.x.xx OK
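
Added example (not part of the original posts, and not Apple's or Postfix's shipped configuration): one way to get the recipient whitelist described above while keeping the relay checks already present in the posted main.cf. It assumes smtpd_delay_reject is at its default of yes and that smtpd_sender_restrictions is not set anywhere else; LOCAL-DOMAIN.example is a placeholder for the server's own mail domain(s).

```cfg
# --- /etc/postfix/main.cf ---
# Leave the existing smtpd_recipient_restrictions line as it is: its
# reject_unauth_destination is what stops outside clients from relaying.
# Defining the same parameter a second time further down main.cf replaces
# the earlier definition instead of adding to it. Replacing it with
# "check_recipient_access ..., reject" alone would also let unauthenticated
# clients relay to every domain marked OK in the table.

# With smtpd_delay_reject = yes this list is evaluated at RCPT TO, so it can
# test the recipient. An OK from the table ends this list only; the recipient
# list above still runs afterwards. No table hit falls through to "reject".
smtpd_sender_restrictions =
    check_recipient_access hash:/etc/postfix/allowed_domains,
    reject

# A restriction class (smtpd_restriction_classes = allowed_only) has no
# effect until its name is referenced from a restriction list or returned
# by an access table, so defining the class by itself changes nothing.

# --- /etc/postfix/allowed_domains ---
# check_recipient_access looks up the RCPT TO address: user@domain, then the
# domain, then its parent domains (default parent_domain_matches_subdomains).
# Client IP addresses and hostnames are never looked up in this table, so
# such entries do nothing here. check_client_access and check_sender_access
# key on the client and the MAIL FROM address instead, not the recipient.
asdf.com                OK
fsda.com                OK
hlkdjh.com              OK
rt.jhgf.com             OK
# Placeholder: list every domain this server receives mail for, otherwise
# inbound mail to local users is rejected as well.
LOCAL-DOMAIN.example    OK
```

After editing, run `postmap /etc/postfix/allowed_domains` and `postfix reload`. `postmap -q asdf.com hash:/etc/postfix/allowed_domains` should print OK, and `postconf -n` shows which definition of each restriction list is actually in effect.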
 