Wednesday, April 27, 2016

Restricting specific users from sending email to external domains in Postfix

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail, intended as an alternative to the Sendmail MTA.
When configuring a mail server, especially for small companies, there is sometimes a requirement to restrict some of the users from sending email to the Internet, allowing them to send email only to the local domain or to some domains.
This howto shows you how to achieve that extra functionality. It assumes you already have a working mail server on which users are able to send and receive emails. The steps are below.

a. Create a file to catch the specific email addresses which should be restricted.
i. Change to root and open the main Postfix configuration file.

 ~$ sudo su -
 ~# vim /etc/postfix/
ii. Add a rule that will catch the limited addresses.
The rule should be added as the first line in smtpd_sender_restrictions, as below.

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/restricted_senders,

If you put the rule below any permit rule, it possibly won't work as required.

b. Create the specific rule and add the addresses which should be restricted. I am using domain for the sake of demonstration only; you're going to use your actual domain in a real implementation.
vim /etc/postfix/restricted_senders
Add the email addresses which should be restricted to the file created above and save;  local_only local_only


c. i. The rule above says to route restricted emails to a ruleset called "local_only". You need to define it before you can add rules to it. Open the main.cf file and add the local_only ruleset as a restriction class.

smtpd_restriction_classes = local_only
ii. Then create the restriction class "local_only" and add rules. They are executed top to bottom; the first match wins:

local_only =
    check_recipient_access hash:/etc/postfix/local_domains,
    reject

Both settings go in the Postfix main.cf configuration file.

d. Lastly, define the local domains to which restricted users should be allowed to send; here I allow my local domain only.
Create a file:

vim /etc/postfix/local_domains

Add the domain(s)   OK

If the recipient domain is not in /etc/postfix/local_domains, Postfix will look for the next rule. In "local_only" I wrote "reject". This is a static action, which is always true when Postfix tests it. It gives you what you want: either the recipient domain is in /etc/postfix/local_domains or the requested action (sending a message) will be rejected.
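
The evaluation order described above, modelled as an added Python example (not part of the original post and not Postfix code). The addresses, the example.com and example.net domains, and the lookup/evaluate helpers are constructed for illustration, and the lookup covers only the full address and its domain.

```python
# Simplified model of how Postfix walks the restriction lists from this howto.
# Addresses and domains are constructed placeholders, not values from the post.

TABLES = {
    # stands in for /etc/postfix/restricted_senders
    "hash:/etc/postfix/restricted_senders": {"alice@example.com": "local_only"},
    # stands in for /etc/postfix/local_domains
    "hash:/etc/postfix/local_domains": {"example.com": "OK"},
}

# smtpd_restriction_classes = local_only
CLASSES = {
    "local_only": [
        "check_recipient_access hash:/etc/postfix/local_domains",
        "reject",
    ],
}

SENDER_RESTRICTIONS = ["check_sender_access hash:/etc/postfix/restricted_senders"]


def lookup(table, address):
    """Try the full address, then its domain (a subset of the access(5) keys)."""
    address = address.lower()
    return table.get(address) or table.get(address.rsplit("@", 1)[-1])


def evaluate(restrictions, sender, recipient):
    """Walk a list top to bottom and return the first decision reached."""
    for rule in restrictions:
        name, _, table = rule.partition(" ")
        if name == "permit":            # static action, always matches
            return "OK"
        if name == "reject":            # static action, always matches
            return "REJECT"
        key = sender if name == "check_sender_access" else recipient
        result = lookup(TABLES[table], key)
        if result in CLASSES:           # table result names a restriction class
            result = evaluate(CLASSES[result], sender, recipient)
        if result in ("OK", "REJECT"):
            return result
    return "DUNNO"                      # no decision; later checks still apply


if __name__ == "__main__":
    for rcpt in ("bob@example.com", "carol@example.net"):
        print(rcpt, evaluate(SENDER_RESTRICTIONS, "alice@example.com", rcpt))
    # A permit placed first decides before the sender table is consulted.
    print(evaluate(["permit"] + SENDER_RESTRICTIONS,
                   "alice@example.com", "carol@example.net"))
```

The dictionaries stand in for the hash: lookup tables; on a real server those are compiled with postmap, and Postfix reads the compiled file rather than the text file.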

Drop a comment if you face any difficulty in implementing the setup. See you in another post.