Re: restriction class

From: Justin Zygmont (no email)
Date: Tue Dec 20 2005 - 13:36:16 EST

  • Next message: Wietse Venema: "Re: Postfix and maildir on Solaris 9"

    On Sat, 3 Dec 2005, Harvey Smith wrote:

    > On Fri, Dec 02, 2005 at 08:50:56PM -0800, Justin Zygmont wrote:
    >> On Fri, 2 Dec 2005, Harvey Smith wrote:
    >>
    >>> On Fri, Dec 02, 2005 at 06:24:42PM -0800, Justin Zygmont wrote:
    >>>>
    >>>> doesn't seem to work, nothing will send that way. Did you try it like
    >>>> this before?
    >>>>
    >>>
    >>> I thought I had a good handle on restriction classes and I use several
    >>> of them in my set-up but the answer is no, I have not tried to do what
    >>> you are trying to do. In fact I just set up a test and was unable to
    >>> get even the example as originally stated to work. In my case all the
    >>> test emails were sent to the external relays and none were stopped.
    >>>
    >>> I apologize, apparently I'm not as with-it as I thought.
    >>
    >> hmm, i'm suprised too. Well thanks for trying to help anyways, I didn;t
    >> think i was going to get any replies at all.
    > Ok I have been enlightened as to why all my email were been sent, mail
    > sent via the sendmail(1) command don't go throuth the
    > smtpd_*_restriction.
    >
    > I just re-did my tests submitting the email via smtp and every is now
    > working as I expected.
    >
    > Basically I have now:
    >
    > in main.cf:
    >
    > smtpd_restriction_classes = local_only
    >
    > local_only =
    > check_recipient_access hash:/etc/postfix/local_domains,
    > reject
    >
    > smtpd_recipient_restrictions =
    > check_sender_access hash:/etc/postfix/sender_access,
    > ...
    >
    > And in /etc/postfix/sender_access:
    >
    > DUNNO
    > buskers.org local_only
    >
    > And in /etc/local_domains
    >
    > buskers.org OK
    >
    > I'm using DUNNO in /etc/postfix/sender_access as sender addresses are
    > easy to forge and I want to continue checking later
    > smtpd_recipient_restrictions, since this machine accepts mail from the
    > internet I don't want any spammer who forges to be
    > able to relay email anywhere.
    >
    > Anyway was able to email to external hosts and
    > couldn't.
    >
    > So there is something else in your set-up causing your issues. If you
    > send me more info on your set-up (relavant log file lines and output
    > of postconf -n) maybe I'll notice what it could be. (and maybe not ;-)

    you're sure it really works for you? I don't see how your setup can even
    work since postalias requires a name:value format, and some other
    differences. I have this as my setup:

    -----------------------------------
    from main.cf:

    smtpd_restriction_classes = local_only

    local_only = check_recipient_access hash:/etc/postfix/local_domains,
    reject

    smtpd_recipient_restrictions = reject_unauth_destination,
    check_sender_access hash:/etc/postfix/unrestricted_senders

    ------------------------------------
    and from unrestricted_senders:

    justin:OK
    cityfone.net:local_only

    ------------------------------------
    and local_domains:

    citysupport.cityfone.net:OK
    citysupport:OK
    cityfone.net:OK
    localhost.localdomain:OK

    ------------------------------------
    output of postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = all
    local_recipient_maps = unix:passwd.byname $alias_maps
    mail_owner = postfix
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mydomain = cityfone.net
    myhostname = citysupport.cityfone.net
    mynetworks = 127.0.0.0/8, 192.168.43.0/24
    myorigin = $mydomain
    newaliases_path = /usr/bin/newaliases.postfix
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
    sample_directory = /usr/share/doc/postfix-2.1.5/samples
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_recipient_restrictions = check_sender_access
    hash:/etc/postfix/unrestricted_senders, reject_unauth_destination
    smtpd_restriction_classes = local_only
    unknown_local_recipient_reject_code = 550

    -----------------------------------------
    the message from maillog:

    postfix/smtpd[31302]: NOQUEUE: reject: RCPT from citysupport[127.0.0.1]:
    554 <>: Sender address rejected: Access denied;
    from=<> to=<> proto=ESMTP
    helo=<citysupport>
    Dec 20 10:57:53 citysupport postfix/smtpd[31302]: disconnect from
    citysupport[127.0.0.1]

    The only messages that are allowed to send are to local accounts, I cannot
    send to an outside address no matter what user I am. I have tried
    different options but it still doesn't work. Any help would be greatly
    appreciated.

  • Next message: Wietse Venema: "Re: Postfix and maildir on Solaris 9"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    		Powered By FreeBSD   Powered By FreeBSD