ankush grover wrote:
Hi Friends,
I have configured Postfix mail server on CentOS for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com, example2.com and example3.com domains only. Below is the configuration of the postfix mail server:
myhostname = test.example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = subnet
mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,
relay_domains = $mydestination,example.com,example2.com,example3.com
smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject
The issue I am facing is that things work fine when I check through telnet, but when I test from the command line with the "mail" command I am able to send mails to any domain from these 5 servers.
bash-2.05$ telnet test.example.com 25
Trying 192.168.0.27...
Connected to test.
Escape character is '^]'.
220 test.example.com ESMTP Postfix (2.2.5)
mail from:ankush.grover@example.com
250 Ok
501 Syntax: RCPT TO: <address>
rcpt to:ankush@gmail.com
554 ankush@gmail.com: Relay access denied
How can I restrict even mails going through the "mail" command from these 5 servers to specific domains only? These 5 servers are running some cronjobs and the cronjobs' output is mailed through the "mail" command.
smtpd_*_restrictions apply to mail submitted via SMTP (which is the case if you use telnet or if mail is received from a remote machine). but mail submitted via the sendmail command (which is the case when you use the 'mail' command) is not subject to these restrictions.
in short, with your current config, you have what you want except for mail submitted via a sendmail on the relay itself.
do you really want to restrict the latter? unless you are using selinux or the like to prevent other programs from connecting to the network, a program can simply connect directly to the outside.
if you insist, then force mail to be passed to an smtpd using "-o content_filter" in master.cf:
pickup .... -o content_filter=relay:[127.0.0.1]:25
with this, mail received via the sendmail command will be passed to 127.0.0.1 port 25 and you get what you want.
but there is a caveat here: if after being received on port 25, the message is reinjected using the sendmail command (say from a content filter or from maildrop/procmail/whatever), then it will go to 127.0.0.1:25 again, and so on. and at some point, you'll get an infinite loop error message (which won't loop, because internal messages are not subject to content_filter!)
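
An added example, not part of the original thread and not Postfix's own code: a Python check that reads a master.cf and reports whether mail submitted through the sendmail command is handed to a content_filter on the pickup service or, as the reply describes, goes into the queue without passing any smtpd_*_restrictions. The sample master.cf is constructed, the function names are hypothetical, only the "-o name=value" form is parsed, and a global content_filter in main.cf is not considered.

```python
# Constructed sample master.cf (not taken from the thread).
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=relay:[127.0.0.1]:25
cleanup   unix  n       -       n       -       0       cleanup
"""


def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def service_overrides(text, service):
    """Return the -o name=value overrides of `service`, or None if it is absent."""
    for line in logical_lines(text):
        fields = line.split(None, 7)  # 7 columns, then command + args
        if len(fields) < 8 or fields[0] != service:
            continue
        argv = fields[7].split()
        overrides = {}
        for flag, arg in zip(argv[1:], argv[2:]):
            if flag == "-o" and "=" in arg:
                name, value = arg.split("=", 1)
                overrides[name] = value
        return overrides
    return None


def audit_pickup(text):
    """Return (bypasses_smtpd_restrictions, content_filter) for local submissions."""
    overrides = service_overrides(text, "pickup")
    if overrides is None:
        raise ValueError("no pickup service in master.cf")
    content_filter = overrides.get("content_filter") or None
    return (content_filter is None, content_filter)


if __name__ == "__main__":
    print(audit_pickup(SAMPLE_MASTER_CF))
```

A result of (True, None) means locally submitted mail (cron output sent with "mail", for instance) is not subject to the relay restrictions configured for smtpd.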