Restrict postqueue access to admin user

I'm running postfix on Gentoo as mailer daemon. During investigation of some queue pileup I found that /usr/sbin/postqueue is executable by all users on the system, it happily outputs the current mail queue (with -q) for all users.

It looks like this is more or less by design: postdrop and postqueue are set-gid binaries with group postdrop.

-rwx--s--x  1 root postdrop  15K Apr 10 23:49 postdrop
-rwx--s--x  1 root postdrop  15K Apr 10 23:49 postqueue

They are also executable by other, something postfix seems to require (output of postfix check):

postfix/postfix-script: warning: not set-gid or not owner+group+world executable: /usr/sbin/postqueue

I'm probably missing something of the inner workings, but as far as I see normal users shouldn't have access to the queue, especially since in this configuration all addresses and domains are set virtual (via a database). If a user would poll postqueue regularly he could assemble a list of <from>,<to> address pairs (postcat is restricted, users cannot access the contents of the mail).

exim has a configuration option named queue_list_requires_admin, but I cannot find something like this for postfix. Is it possible to restrict queue access with postfix?

Postfix doesn't use unix permission feature to limit access to postqueue. Instead it uses parameters like ' authorized_mailq_users'

authorized_mailq_users (static:anyone)

List of users who are authorized to view the queue.

So, if you want to limit to particular user, for example: root, you can use

authorized_mailq_users = static:root

For further info, see man 1 postqueue