Posted inpostfix

Postfix Create Blackhole For Authenticated User’s Outgoing Submission

No CommentsPosted inpostfix

I don’t know what is the right subject for this topic, the idea is, i just want my outgoing smtp for sending email only, authenticated user not supposed send(or accidentally) to his/her smtp authentication account.which are in my configuration stored in virtual mailbox maps table. In normal case can delivering email to maildir.

I’m using postfixadmin to generate username/password, saslauthd with pam_mysql for querying username/password to mysql virtual mailbox table.Everything is okay with authentication things, except i don’t want username receiving email

In postfix access 5 manual there is actions called DISCARD

       DISCARD optional text...
              Claim successful delivery and silently discard  the
              message.   Log the optional text if specified, oth-
              erwise log a generic message.

              Note: this action currently affects all  recipients
              of  the  message.   To  discard  only one recipient
              without discarding  the  entire  message,  use  the
              transport(5) table to direct mail to the discard(8)
              service.

              This feature is available in Postfix 2.0 and later.

Here’s how i do it:

Create mysql lookup tables

mysql_recipient_discard_maps.cf

user = postfix
password = password
hosts = localhost
dbname = postfixdb
query = SELECT 'DISCARD [Sent only user!]' FROM mailbox WHERE username='%s' AND active = 1

Notice on query statement “query = SELECT ‘DISCARD [Sent only user!]’ FROM mailbox WHERE username=’%s’ AND active = 1”

The query will always returning ‘DISCARD [Sent only user!]’ if ‘%s’ match username in virtual mailbox tables

Now put lookup query to submission resctriction

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=check_recipient_access,mysql:/etc/postfix/mysql_recipient_discard_maps.cf,permit_mynetworks,permit_sasl_authenticated,reject

Logs shows:

Dec  7 11:44:32 smtp postfix/smtpd[29040]: NOQUEUE: discard: RCPT from tebet.domain.net.id[202.xxx.xx.xxx] <hari.h@auth.domain.net>: Recipient address [Sent only user!]; from=<hari.h@domain.com> to=<hari.h@auth.domain.net> proto=ESMTP helo=<[192.168.200.100]> 
Dec  7 11:44:32 smtp postfix/smtpd[29040]: E9CE5208A1: client=tebet.domain.net.id[202.xxx.xx.xxx], sasl_method=PLAIN, sasl_username=hari.h@auth.domain.net

Maybe there’s easy/better solutions that i don’t know yet, but it work as i expected for now.

Tags:

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *