Hello everyone on serverfault,
I run a Debian Wheezy mailserver with postfix and several domains on it.
For one domain, I need some accounts to be unable to receive and send email to the external world, only to the same domain. The other accounts and domains remain normal.
Searching the web I found that I can do this with postfix restriction classes, so, I found a guide in postfix documentation: http://www.postfix.org/RESTRICTION_CLASS_README.html
Following the postfix documentation, I can’t apply my restriction, it gives me an unused parameter error when I restart postfix, the error is the following:
/usr/sbin/postconf: warning: /etc/postfix/main.cf: unused parameter: local_only=check_recipient_access hash:/etc/postfix/local_domains, reject
Here’s some part of my main.cf where the restriction classes are located:
smtpd_client_restrictions =
permit_mynetworks,
check_client_access hash:/etc/postfix/custom_check_client_access,
permit_sasl_authenticated,
reject_sender_login_mismatch,
reject_unknown_client,
reject_unauth_pipelining,
reject_rbl_client sbl.spamhaus.org,
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/restricted_senders,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_hostname,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
check_recipient_access hash:/etc/postfix/protected_destinations,
check_policy_service inet:127.0.0.1:10023,
permit
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access hash:/etc/postfix/local_domains, reject
Here’s my /etc/postfix/protected_destinations file:
restrict01@mydomain.com insiders_only
Here’s my /etc/postfix/restricted_senders file:
restrict01@mydomain.com local_only
Here’s my /etc/postfix/local_domains file:
mydomain.com OK
I can’t figure out what I did wrong! I couldn’t see anywhere on the internet on how to do two restriction classes together, so the syntax of smtpd_restriction_classes may be wrong. The other thing that I suspect to be wrong is the order of smtpd_recipient_restrictions, I can’t figure out where to put the check_sender_access and the check_recipient_access.
If you guys could help me out on setting up this restriction class, I would be thankful.
Thank you, Giovanni