Hi I need help. I found a link to block specific internal users from sending out to gmail yahoo etc. But I'm kinda at a loss (actually scared of breaking a working box) on how to actually implement this on our Centos+ISPConfig3 setup because I'm a newbie at linux. Below is my main.cf. From what I understand, i hafto create two files namely restricted_senders and local_domains. Then will have to add/replace lines to the main.cf as stated on the article. What I am hesitant to touch are the mysql and regexp entries on my live main.cf. A little spoon feeding is probably needed here. sorry guys Code: The example assumes DB/DBM files, but this could also be done with LDAP or SQL. /etc/postfix/main.cf: smtpd_recipient_restrictions = ... check_sender_access hash:/etc/postfix/restricted_senders ...other stuff... smtpd_restriction_classes = local_only local_only = check_recipient_access hash:/etc/postfix/local_domains, reject /etc/postfix/restricted_senders: foo@domain local_only bar@domain local_only /etc/postfix/local_domains: this.domain OK matches this.domain and subdomains that.domain OK matches that.domain and subdomains Specify dbm instead of hash if your system uses dbm files instead of db files. To find out what map types Postfix supports, use the command postconf -m. Note: this scheme does not authenticate the user, and therefore it can be bypassed in several ways: By sending mail via a less restrictive mail relay host. By sending mail as someone else who does have permission to send mail to off-site destinations. Code: readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES virtual_alias_domains = virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, prox y:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_ client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL myhostname = mail.theritzhoteldavao.com mynetworks = 127.0.0.0/8 120.72.28.220 [::1]/128 dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth content_filter = amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings mailbox_size_limit = 0 message_size_limit = 0 maximal_queue_lifetime = 1d
Just backup config files before changing them, and make notes of what you change, and you can always get back to the working state if needed. In that configuration, yes you would create 2 files - once you have that working you could convert the second file (local_domains) to a direct mysql query to look up local domains, which will save you updating it if they change often. When you make changes to smtpd_recipient_restrictions (and various other settings in main.cf) you can edit /etc/postfix/main.cf directly to test and get things working, but you need to take an additional step to make those changes upgrade-safe, so they don't get overwritten by your next ISPConfig upgrade. You can search the forums here for "main.cf conf-custom" for more info, but eg. on debian/ubuntu, you would copy install/tpl/debian_postfix.conf.master from the ISPConfig install package to /usr/local/ispconfig/server/conf-custom/install/ and make the same changes to smtpd_recipient_restrictions there as you made to your /etc/postfix/main.cf.
