Restriction class limitations

From: Glen Lee Edwards (gleholiness.ch)
Date: Thu May 01 2008 - 07:54:11 CDT


Background:

I'm trying to set up a local_only restriction class, but apparently am
doing something wrong. In the directions, it states the following:

************
Note: this scheme does not authenticate the user, and therefore it can
be bypassed in several ways:

      * By sending mail via a less restrictive mail relay host.
        
      * By sending mail as someone else who does have permission to send
        mail to off-site destinations.
************

I'm guessing that it's failing due to the line, "By sending mail as
someone else..." Here's what I'm trying to do:

I have no local users who need off site access. The only local user who
needs to send any mail at all is the apache web server, who is user
www.

My goal: I want no off site deliveries of mail that originates from the
web server, so contact forms on web sites that I host that send out mail
must be sent so that the mail has to be delivered to a local POP3 box,
otherwise it must be rejected by Postfix if addressed to any off site
destination.

The problem: Mail is still being delivered off site even though I've set
up a local_user restriction class.

The cause (I think): Mail is leaving here with the envelope sender being
www@example.com. The contact forms are rewriting the From: line to show
the address of the individual who is filling out the form. Is that my
problem? If so, is there a fix?

Novice question: Is the envelope sender user@localhost, while MAIL FROM
is the address shown in the 'From: .*' header?

Glen
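
Added example, not part of the original post and not Postfix code: a simplified Python model of how a local_only restriction class reaches its decision at RCPT TO time, keyed on the envelope sender (the MAIL FROM address), with the From: header playing no part. It assumes the mail reaches Postfix over SMTP; the table contents, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed tables standing in for the two lookup maps of a local_only class.
RESTRICTED_SENDERS = {"www@example.com": "local_only"}  # keyed by envelope sender
LOCAL_DOMAINS = {"example.com"}                         # recipient domains allowed

# Constructed contact-form message: the From: header names the visitor.
SAMPLE_MESSAGE = (
    "From: Visitor <visitor@elsewhere.test>\n"
    "To: owner@example.com\n"
    "Subject: contact form\n"
    "\n"
    "Hello\n"
)

def header_from(message_text):
    """Address in the From: header, which is only sent after DATA."""
    return parseaddr(message_from_string(message_text)["From"])[1]

def local_only(rcpt):
    """Class body: OK for listed recipient domains, REJECT for the rest."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return "OK" if domain in LOCAL_DOMAINS else "REJECT"

def rcpt_decision(mail_from, rcpt):
    """Decision at RCPT TO time. Only the envelope is known at this point;
    the headers have not been transmitted yet, so they cannot take part."""
    if RESTRICTED_SENDERS.get(mail_from.lower()) == "local_only":
        return local_only(rcpt)
    return "DUNNO"  # sender not listed: later restrictions decide

if __name__ == "__main__":
    print("header From:", header_from(SAMPLE_MESSAGE))
    for mail_from, rcpt in [
        ("www@example.com", "owner@example.com"),     # restricted, local rcpt
        ("www@example.com", "someone@offsite.test"),  # restricted, off-site rcpt
        ("other@example.com", "someone@offsite.test"),  # unlisted envelope sender
    ]:
        print(mail_from, "->", rcpt, ":", rcpt_decision(mail_from, rcpt))
```

The third case is the limitation quoted from the directions: a message whose envelope sender is not in the restricted table never enters the class, whatever its From: header says.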