[CentOS] restrict postfix to only certain users getting incoming mail [solved?]
bob at bobhoffman.com
Tue Mar 6 07:43:47 UTC 2012
Micolas Kowalski wrote
/Tue Mar 6 01:39:49 EST 2012
On Mon, Mar 05, 2012 at 11:50:21PM -0500, Bob Hoffman wrote:
>/ What I would like is to just tell postfix to only allow incoming mail
/>/ for user1 and user2 and reject all...but only from external sources, not
/>/ locally sent mail.
You may use local_recipient_maps. On my home server, I have this in the
postfix main.cf file:
mydestination = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps
/etc/postfix/local_recipients contains the list of the users allowed to
get mail from the external, one by line:
Fill it with the values needed, then run "postmap /etc/postfix/local_recipients",
and reload/restart postfix.
For anyone reading and wanting to know, this is for centos 6, stock install
of postfix. This appears to be the winning solution.
I was looking at that but could not see how to make it work. However, I think with your note
on local_rec I had a working example to play with.
My server is internet facing so this example had to be modified.
I will be testing for a few days, but here is what I did, and it seems to work.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
(I had to add all 4 or mail had issues or were completely rebuffed)
added two users,
(have to put something after each user..a space then 'something'. Postfix ignores the right side.)
Adding @domain caused all to be rejected or all to be allowed, depending on the things I tried.
putting just the local user down without the @ worked good.
service postfix restart
Here is the thing that made it work...getting rid of $alias_maps in the
local_recipient_maps = hash:/etc/postfix/myusers, $alias_maps
by adding alias_maps, it will accept anything listed in there, which includes all the
unix users like apache, root, etc.
seems to work.
Seems like all incoming mail bounce correctly, adding 'unknown user'.
I was able to command line from my root account, sending a mail to my root account
and received it.
I thought the local maps file was needed as is to allow proper authentication to send/receive mail
perfect solution so far Nicolas
Now my question is.... why is the default to allow all these mails?
More information about the CentOS