En essayant de bloquer les e-mails sortants pour un utilisateur spécifique à la fois localement et à l'extérieur, j'ai entré la configuration de Postfix dans main.cf SMTPD_Recipient_Restrictions = Check_sender_access hash: /etc/postfix/sender_accessavec ce texte, [email protected] Rejectpuis Postmap Sender_accesspour créer le fichier .db.

Via webmail et avec des clients de messagerie tels que Thunderbird ou Outlook, tout va bien. L'envoi est verrouillé soit en utilisant les ports 25 et 465 ssl/tls, mais si les clients utilisent le port 587 avec les STARTTL, l'envoi réussit.

Comment arrêter d'envoyer également via le port 587 avec les clients de messagerie ?

postconf -n

alias_maps = hash:/etc/aliases, nis:mail.aliases, hash:/var/spool/postfix/plesk/aliases
authorized_flush_users =
authorized_mailq_users =
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 5
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 10240000
meta_directory = /etc/postfix
mydestination = localhost.$mydomain, localhost, localhost.localdomain
myhostname = mydomain.my
mynetworks =
newaliases_path = /usr/bin/newaliases.postfix
plesk_virtual_destination_recipient_limit = 1
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-3.5.9/README_FILES
recipient_canonical_classes = envelope_recipient,header_recipient
recipient_canonical_maps = tcp:127.0.0.1:12346
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-3.5.9/samples
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_bind_address = xxx.xxx.xxx.xxx
smtp_send_xforward_command = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_milters = , inet:127.0.0.1:12768
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = /usr/local/psa/etc/dhparams2048.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = TLSv1.2
smtpd_tls_protocols = TLSv1.2
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtputf8_enable = no
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = yes
tls_server_sni_maps = hash:/var/spool/postfix/plesk/certs
transport_maps = hash:/var/spool/postfix/plesk/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:30
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:30

postconf-M

smtp       inet  n       -       n       -       -       smtpd
cleanup    unix  n       -       n       -       0       cleanup
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o syslog_name=postfix/$service_name
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
plesk_virtual unix -     n       n       -       -       pipe flags=DORhu user=popuser:popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames -q ${queue_id}
127.0.0.1:12346 inet n   n       n       -       -       spawn user=popuser:popuser argv=/usr/lib64/plesk-9.0/postfix-srs
mailman    unix  -       n       n       -       -       pipe flags=R user=mailman:mailman argv=/usr/lib64/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
pickup     fifo  n       -       n       60      1       pickup
qmgr       fifo  n       -       n       1       1       qmgr
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
submission inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
plesk_saslauthd unix y   y       n       -       1       plesk_saslauthd status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db

Version du système d'exploitation Plesk Obsidian 18.0.40.1 : CentOS 7.9.2009 x86_64

answer

check_sender_accessappartient à smtpd_sender_restrictions, pas à smtpd_recipient_restrictions.