From: ankush grover (no email)
Date: Tue Aug 01 2006 - 07:51:54 EDT
On 8/1/06, Magnus Bäck <> wrote:
> On Tuesday, August 01, 2006 at 10:12 CEST,
> ankush grover <> wrote:
>
> > I am trying to implement the Postfix restriction classes for one of
> > the accounts in my network. There is an account called staff and the
> > mail sent to this address goes to all the
> > employees in the organisation.
> >
> > I have configured main.cf as per the restriction class example
> >
> > smtpd_restriction_classes = insiders_only
> > insiders_only = check_sender_access hash:/etc/postfix/sender_access, reject
> > smtpd_recipient_restrictions = permit_mynetworks,
> > permit_sasl_authenticated,
> > check_recipient_access
> > hash:/etc/postfix/recipient_access,
> > reject_invalid_hostname,
> > reject_unknown_sender_domain,
> > reject_unknown_recipient_domain,
> > reject_unauth_destination,
> > reject_rbl_client relays.ordb.org,
> > reject_rbl_client opm.blitzed.org,
> > reject_rbl_client list.dsbl.org,
> > reject_rbl_client sbl.spamhaus.org,
> > reject_rbl_client cbl.abuseat.org,
> > reject_rbl_client dul.dnsbl.sorbs.net,
> > permit
> >
> > But still I am able to receive the mail from outside on this account
> > from accounts list permitted to send mail to this account.
>
> Show logs and complete "postconf -n" output.
>
> But anyway, wouldn't it be a better idea to rely on the client address
> and authentication rather than the easily spoofed sender address, like
> in the example in RESTRICTION_CLASS_README?
>
Hey,
Thanks for the reply. Below are the log file and the postconf -n output
Logs
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: from localhost (localhost.localdomain [127.0.0.1])??by
mail.sun.net (Postfix) with ESMTP id 0E3766FFE5??for
<>; Tue, 1 Aug 2006 16:48:57 +0530 (IST) from
localhost.localdomain[127.0.0.1]; from=<>
to=<> proto=ESMTP helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: from mail.isp.com??by localhost with IMAP
(fetchmail-6.2.5.5)??for (multi-drop); Tue, 01 Aug
2006 16:48:57 +0530 (IST) from localhost.localdomain[127.0.0.1];
from=<> to=<> proto=ESMTP
helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: from ug-out-1314.google.com (ug-out-1314.google.com
[66.249.92.174])??by mail252.megamailservers.com
(8.13.6.20060614/8.13.1) with ESMTP id k71Bb1aL003459??for
< from localhost.localdomain[127.0.0.1];
from=<> to=<> proto=ESMTP
helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: by ug-out-1314.google.com with SMTP id m3so1254036ugc?
for <>; Tue, 01 Aug 2006 04:36:59 -0700 (PDT) from
localhost.localdomain[127.0.0.1]; from=<>
to=<> proto=ESMTP helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: by 10.66.221.19 with SMTP id t19mr749382ugg;? Tue, 01
Aug 2006 04:36:58 -0700 (PDT) from localhost.localdomain[127.0.0.1];
from=<> to=<> proto=ESMTP
helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: by 10.66.225.3 with HTTP; Tue, 1 Aug 2006 04:36:58 -0700
(PDT) from localhost.localdomain[127.0.0.1];
from=<> to=<> proto=ESMTP
helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5:
message-id=<>
Aug 1 16:48:57 mail MailScanner[30558]: New Batch: Scanning 1
messages, 2194 bytes
Aug 1 16:48:58 mail postfix/smtpd[4863]: disconnect from
localhost.localdomain[127.0.0.1]
Aug 1 16:49:04 mail MailScanner[30558]: Virus and Content Scanning: Starting
Aug 1 16:49:04 mail MailScanner[30558]: Requeue: 0E3766FFE5.381FC to 647537000E
Aug 1 16:49:04 mail MailScanner[30558]: Uninfected: Delivered 1 messages
Aug 1 16:49:04 mail MailScanner[30558]: Logging message 0E3766FFE5.381FC to SQL
Aug 1 16:49:04 mail postfix/qmgr[30525]: 647537000E:
from=<>, size=1927, nrcpt=2 (queue active)
Aug 1 16:49:04 mail MailScanner[30517]: 0E3766FFE5.381FC: Logged to
MailWatch SQL
Aug 1 16:49:04 mail postfix/local[4871]: 647537000E:
to=<>, orig_to=<>, relay=local,
delay=7, status=sent (delivered to maildir)
Aug 1 16:49:04 mail postfix/local[4870]: 647537000E:
to=<>, orig_to=<>, relay=local,
delay=7, status=sent (delivered to maildir)
Aug 1 16:49:04 mail postfix/qmgr[30525]: 647537000E: removed
is an alias(no mailbox just alias) and the mails
for the goes to and
. Entry for the is defined in
virtual file(/etc/postfix/virtual)
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 20
fast_flush_domains = $relay_domains
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
in_flow_delay = 1s
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = sun.net
message_size_limit = 51200000
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain, $mydomain
myhostname = mail.sun.net
mynetworks = 192.168.5.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
recipient_delimiter = +
relayhost = mail.isp.com
sample_directory = /usr/share/doc/postfix-2.1.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_recipient_access
hash:/etc/postfix/recipient_access,
reject_invalid_hostname, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unauth_destination,
reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
smtpd_restriction_classes = insiders_only
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unknown_sender_domain,
reject_rbl_client relays.ordb.org, reject_rbl_client
opm.blitzed.org, reject_rbl_client
list.dsbl.org, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org, reject_rbl_client
dul.dsnbl.sorbs.net, permit
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
Thanks & Regards
Ankush Grover
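
Added example (not part of the original message and not Postfix code): a small Python model of first-match evaluation of smtpd_recipient_restrictions, using the mynetworks value from the postconf -n output and the 127.0.0.1 client seen in the log. The addresses, the table contents and the CLASS_FIRST ordering are assumptions made for illustration.

```python
import ipaddress

# mynetworks as shown in the posted "postconf -n" output.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.168.5.0/24", "127.0.0.0/8")]

# Constructed table contents: the post does not show either map.
RECIPIENT_ACCESS = {"staff@example.com": "insiders_only"}
SENDER_ACCESS = {"employee@example.com": "OK"}

# Posted order (the reject_* and RBL checks are left out of this model).
POSTED = ["permit_mynetworks", "permit_sasl_authenticated",
          "check_recipient_access", "permit"]
# Hypothetical order for comparison: the class lookup runs before the permits.
CLASS_FIRST = ["check_recipient_access", "permit_mynetworks",
               "permit_sasl_authenticated", "permit"]


def insiders_only(sender):
    """insiders_only = check_sender_access ..., reject"""
    return "OK" if SENDER_ACCESS.get(sender) == "OK" else "REJECT"


def evaluate(order, client_ip, sasl_user, sender, rcpt):
    """Return (verdict, deciding restriction); the first decisive result wins."""
    addr = ipaddress.ip_address(client_ip)
    for name in order:
        if name == "permit_mynetworks" and any(addr in n for n in MYNETWORKS):
            return "OK", name
        if name == "permit_sasl_authenticated" and sasl_user:
            return "OK", name
        if name == "check_recipient_access" and RECIPIENT_ACCESS.get(rcpt) == "insiders_only":
            return insiders_only(sender), "insiders_only"
        if name == "permit":
            return "OK", name
    return "OK", "end of list"


if __name__ == "__main__":
    # Constructed envelope modelled on the log: client is 127.0.0.1 (fetchmail
    # re-injecting through localhost), sender is an outside address.
    msg = ("127.0.0.1", None, "outsider@example.org", "staff@example.com")
    print("posted order:", evaluate(POSTED, *msg))
    print("class first: ", evaluate(CLASS_FIRST, *msg))
    # Direct connection from an outside client (documentation address).
    print("direct SMTP: ", evaluate(POSTED, "203.0.113.10", None, *msg[2:]))
```

In the class-first order the decision still rests on the envelope sender, which the quoted reply describes as easily spoofed.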