How can I configure Postfix in a way that some users can send
mail to the internet and other users not? The users with no access
should receive a generic bounce message. Please don't discuss
whether such access restrictions are necessary, it was not my
decision.
Postfix has support for per-user restrictions. The restrictions
are implemented by the SMTP server. Thus, users that violate the
policy have their mail rejected by the SMTP server. Like this:

    554 <user@remote>: Access denied

The implementation uses two lookup tables. One table defines
what users are restricted in where they can send mail, and the
other table defines what destinations are local. It is left as an
exercise for the reader to change this into a scheme where only
some users have permission to send mail to off-site destinations,
and where most users are restricted.
The example assumes DB/DBM files, but this could also be done
with LDAP or SQL.

/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/restricted_senders
        ...other stuff...

    smtpd_restriction_classes = local_only
    local_only =
        check_recipient_access hash:/etc/postfix/local_domains, reject

/etc/postfix/restricted_senders:
    foo@domain      local_only
    bar@domain      local_only

/etc/postfix/local_domains:
    this.domain     OK      matches this.domain and subdomains
    that.domain     OK      matches that.domain and subdomains

Specify dbm instead of hash if your system uses
dbm files instead of db files. To find out what map
types Postfix supports, use the command postconf -m.
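
The decision the two tables produce for each RCPT TO can be traced with a small model. This is an added example, not Postfix code or part of the original document; the function names, the "DUNNO" fall-through value and the simplified lookup order (full address, then domain, then parent domains) are assumptions made for illustration.

```python
# Simplified model of the two-table lookup described above; not Postfix source.
# Table contents are copied from the example configuration on this page.
RESTRICTED_SENDERS = {"foo@domain": "local_only", "bar@domain": "local_only"}
LOCAL_DOMAINS = {"this.domain": "OK", "that.domain": "OK"}


def lookup(table, address):
    """Try the full address, then its domain, then each parent domain."""
    address = address.lower()
    if address in table:
        return table[address]
    labels = address.rpartition("@")[2].split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return table[candidate]
    return None


def local_only(recipient):
    """Model of: check_recipient_access hash:.../local_domains, reject"""
    if lookup(LOCAL_DOMAINS, recipient) == "OK":
        return "OK"
    return f"554 <{recipient}>: Access denied"


RESTRICTION_CLASSES = {"local_only": local_only}


def check_rcpt(sender, recipient):
    """Return the modelled SMTP server decision for one recipient.

    `sender` is the envelope sender exactly as the client supplied it;
    as the page notes, nothing in this scheme authenticates it.
    """
    result = lookup(RESTRICTED_SENDERS, sender)
    if result in RESTRICTION_CLASSES:
        return RESTRICTION_CLASSES[result](recipient)
    return "DUNNO"  # sender not listed: continue with "...other stuff..."


if __name__ == "__main__":
    # Constructed sample envelopes, using the addresses from the tables above.
    for s, r in [("foo@domain", "user@remote"),
                 ("foo@domain", "alice@this.domain"),
                 ("bar@domain", "alice@mail.that.domain"),
                 ("other@domain", "user@remote")]:
        print(f"{s:14} -> {r:24} {check_rcpt(s, r)}")
```

On a live system, postmap -q can be used to query the real tables for the same keys.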
Note: this scheme does not authenticate the user, and therefore it can be
bypassed in several ways: