From: Noel Jones (njonesmegan.vbhcs.org)
Date: Thu May 01 2008 - 13:26:49 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Glen Lee Edwards wrote:
> Background:
>
> I'm trying to set up a local_only restriction class, but apparently am
> doing something wrong. In the directions, it states the following:
>
> ************
> Note: this scheme does not authenticate the user, and therefore it can
> be bypassed in several ways:
>
> * By sending mail via a less restrictive mail relay host.
>
> * By sending mail as someone else who does have permission to send
> mail to off-site destinations.
> ************
>
> I'm guessing that it's failing due to the line, "By sending mail as
> someone else..." Here's what I'm trying to do:
>
> I have no local users who need off site access. The only local user who
> needs to send any mail at all is the apache web server, who is user
> www.
>
> My goal: I want no off site deliveries of mail that originates from the
> web server, so contact forms on web sites that I host that send out mail
> must be sent so that the mail has to be delivered to a local POP3 box,
> otherwise it must to be rejected by Postfix if addressed to any off site
> destination.
>
> The problem: Mail is still being delivered off site even though I've set
> up a local_user restriction class.
>
> The cause (I think): Mail is leaving here with the envelope sender being
> wwwexample.com. The contact forms are rewriting the From: line to show
> the address of the individual who is filling out the form. Is that my
> problem? If so, is there a fix?
>

I would guess the problem is that your web server submits mail
using the 'sendmail' command rather than through SMTP.
Postfix smtpd_*_restrictions are only effective on mail
submitted via SMTP.

For more help, please see:
http://www.postfix.org/DEBUG_README.html#mail
Include complete log entries showing a suspect message
entering and leaving postfix along with your "postconf -n" and
restriction class definitions (which aren't included in
postconf output).

> Novice question: Is the envelope sender userlocalhost,
while MAIL FROM
> is the address shown in the 'From: .*' header?

The envelope sender is the address given in the MAIL FROM
command, also usually shown in the Return-Path: header. The
From: header in the mail has no relation to the envelope
sender, although some people expect them to be the same.
Examine the headers of this message to see an example.

With the sendmail command, the envelope sender can be
specified by using the -f option. The From: header is just a
line of text in the message.

--
Noel Jones

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]