5

I have a problem getting Postfix to reject outgoing email for some addresses in a blacklist.

This is my configuration in /etc/postfix/main.cf:

smtpd_recipient_restrictions = 
      check_recipient_access hash:/etc/postfix/bad_recipients, permit_mynetworks, reject_unauth_destination, permit

File /etc/postfix/bad_recipients:

phongdang@chotot.vn REJECT

Then I use the command:

postmap /etc/postfix/bad_recipients 

to create bad_recipients.db

and restart postfix: /etc/init.d/postfix restart

Then I try to send mail to phongdang@chotot.vn:

echo "hello world" | mailx -s "Test from CLI" phongdang@chotot.vn

Maillog:

Nov  4 19:54:50 cent6 postfix/pickup[32452]: 851B011FD2B: uid=0 from=<root>
Nov  4 19:54:50 cent6 postfix/cleanup[32491]: 851B011FD2B: message-id=<20141104125450.851B011FD2B@cent6.5-template>
Nov  4 19:54:50 cent6 postfix/qmgr[32453]: 851B011FD2B: from=<root@cent6.5-template>, size=447, nrcpt=1 (queue active)
Nov  4 19:54:50 cent6 postfix/smtp[32493]: connect to ASPMX.L.GOOGLE.COM[2607:f8b0:400e:c02::1b]:25: Network is unreachable
Nov  4 19:54:51 cent6 postfix/smtp[32493]: 851B011FD2B: to=<phongdang@chotot.vn>, relay=ASPMX.L.GOOGLE.COM[74.125.28.26]:25, delay=1.2, delays=0.05/0/0.6/0.51, dsn=2.0.0, status=sent (250 2.0.0 OK 1415105691 x3si145045pdr.187 - gsmtp)
Nov  4 19:54:51 cent6 postfix/qmgr[32453]: 851B011FD2B: removed

And I receive the email although I restricted the address phongdang@chotot.vn. Please help me fix it.

Phong Đặng

2 Answers

7
  • It is because smtpd_recipient_restrictions only applies to mail received by the smtpd daemon through an SMTP transaction.
  • Mail submitted using the sendmail or mailx command is queued in the maildrop queue by the postdrop command, then picked up by pickup and fed to cleanup directly.

You can't restrict recipients for mail submitted through the sendmail or mailx commands.

The only solution to this problem is to force your applications to send mail only through SMTP.

clement
4

As clement said, your restriction doesn't work because the email was queued via pickup.

As a workaround, you can apply a solution from the postfix-users mailing list.

In master.cf, look for the pickup entry. Then add -o content_filter=smtp:[127.0.0.1]:12525

pickup    fifo  n       -       n       60      1       pickup
    -o content_filter=smtp:[127.0.0.1]:12525

Then add another smtpd process (port 12525), also in master.cf, to perform the rejection

127.0.0.1:12525 inet    n       -       n       -       25      smtpd

Don't forget to restart postfix

The caveats from the same page: This overrides the default delivery agent for locally submitted email, but adds to the already I/O overhead of local submission.

masegaloeh
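
An added example, not part of either answer: a small audit over maillog text that finds messages which entered through pickup (local sendmail/mailx submission, so smtpd_recipient_restrictions never ran) and were still delivered to an address marked REJECT in the access table. The sample log and table are constructed, modelled on the lines in the question, and only full-address keys are handled (an assumption; real access tables also accept domain and user@ patterns).

```python
import re

# Constructed sample input, modelled on the maillog lines in the question.
SAMPLE_LOG = """\
Nov  4 19:54:50 cent6 postfix/pickup[32452]: 851B011FD2B: uid=0 from=<root>
Nov  4 19:54:50 cent6 postfix/smtp[32493]: connect to ASPMX.L.GOOGLE.COM[2607:f8b0:400e:c02::1b]:25: Network is unreachable
Nov  4 19:54:51 cent6 postfix/smtp[32493]: 851B011FD2B: to=<phongdang@chotot.vn>, relay=ASPMX.L.GOOGLE.COM[74.125.28.26]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
Nov  4 20:01:10 cent6 postfix/smtpd[32600]: A1B2C3D4E5F: client=localhost[127.0.0.1]
Nov  4 20:01:11 cent6 postfix/smtp[32610]: A1B2C3D4E5F: to=<someone@example.com>, relay=mx.example.com[192.0.2.10]:25, dsn=2.0.0, status=sent (250 OK)
Nov  4 20:05:00 cent6 postfix/pickup[32452]: C0FFEE12345: uid=500 from=<app>
Nov  4 20:05:01 cent6 postfix/smtp[32493]: C0FFEE12345: to=<friend@example.org>, relay=mx.example.org[192.0.2.20]:25, dsn=2.0.0, status=sent (250 OK)
"""
# Constructed copy of the access table from the question.
SAMPLE_TABLE = "# /etc/postfix/bad_recipients\nphongdang@chotot.vn REJECT\n"

# daemon name, queue ID, remainder of the log record
LINE = re.compile(r"postfix/(\w+)\[\d+\]: (\w+): (.*)")

def load_rejects(table_text):
    """Return the lower-cased full-address keys whose action is REJECT."""
    rejects = set()
    for line in table_text.splitlines():
        parts = line.split(None, 1)
        if line.startswith("#") or len(parts) != 2:
            continue
        if parts[1].upper().startswith("REJECT"):
            rejects.add(parts[0].lower())
    return rejects

def audit(log_text, rejects):
    """List (queue_id, submitting_uid, recipient) for pickup-origin mail
    that was sent to a recipient the access table says to reject."""
    origin = {}  # queue ID -> uid logged by pickup (local submission)
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. "connect to ..." records carry no queue ID
        daemon, qid, rest = m.groups()
        if daemon == "pickup":
            uid = re.search(r"uid=(\d+)", rest)
            origin[qid] = uid.group(1) if uid else "?"
        elif qid in origin and "status=sent" in rest:
            rcpt = re.search(r"to=<([^>]*)>", rest)
            if rcpt and rcpt.group(1).lower() in rejects:
                hits.append((qid, origin[qid], rcpt.group(1)))
    return hits

if __name__ == "__main__":
    for qid, uid, rcpt in audit(SAMPLE_LOG, load_rejects(SAMPLE_TABLE)):
        print(f"{qid}: uid={uid} bypassed smtpd restrictions, sent to {rcpt}")
```

Messages that arrive over SMTP (the smtpd record above) are ignored because the recipient restrictions already apply to them.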