Prev: local delivery, relay from local subnet: SOLVED
Next: Postfix ignoring my smtpd_helo_* config??
From: joe on 12 Oct 2007 14:09
Hello I have a sasl restriction before a the helo restriction but it
seems like the helo restriction takes effect independently of the
whether the client is sasl authenticated. Can any one tell me what
could be wrong?

smtpd_client_restrictions =
permit_mynetworks,permit_sasl_authenticated,check_helo_access hash:/
etc/postfix/helo_access,check_client_access hash:/etc/postfix$
smtpd_sender_restrictions =
permit_sasl_authenticated,permit_mynetworks,check_sender_access hash:/
etc/postfix/spoof_access,reject_unknown_sender_domain,rejec$
smtpd_recipient_restrictions =
permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/
etc/postfix/client_access,reject_invalid_hostname,reject

From: Ralf Hildebrandt on 12 Oct 2007 15:29
On 2007-10-12, joe <jcharth(a)gmail.com> wrote:
> Hello I have a sasl restriction before a the helo restriction but it
> seems like the helo restriction takes effect independently of the
> whether the client is sasl authenticated. Can any one tell me what
> could be wrong?

Put all restrictions into smtpd_recipient_restrictions, like this:

smtpd_client_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
check_helo_access hash:/etc/postfix/helo_access
check_client_access hash:/etc/postfix/client_access
check_sender_access hash:/etc/postfix/spoof_access
reject_unknown_sender_domain
reject_invalid_hostname

> smtpd_client_restrictions =
> permit_mynetworks,permit_sasl_authenticated,check_helo_access hash:/
> etc/postfix/helo_access,check_client_access hash:/etc/postfix$
> smtpd_sender_restrictions =
> permit_sasl_authenticated,permit_mynetworks,check_sender_access hash:/
> etc/postfix/spoof_access,reject_unknown_sender_domain,rejec$
> smtpd_recipient_restrictions =
> permit_mynetworks,permit_sasl_authenticated,check_client_access hash:/
> etc/postfix/client_access,reject_invalid_hostname,reject
>


--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt(a)charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to plonk(a)charite.de
From: joe on 15 Oct 2007 14:17
Thanks Ralph that makes sense. I had it in the helo restrictions also.
So far so good.

From: joe on 15 Oct 2007 16:25
It does not look like I can use check_helo_access in the
smtpd_recipient_restrictions for a moment i looks like i was allowing
relaying from many of the domains in my helo_access file. Any ideas?

From: Ralf Hildebrandt on 16 Oct 2007 05:53
On 2007-10-15, joe <jcharth(a)gmail.com> wrote:
> It does not look like I can use check_helo_access in the
> smtpd_recipient_restrictions

Why? Of course you can.

> for a moment i looks like i was allowing relaying from many of the
> domains in my helo_access file. Any ideas?

--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt(a)charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to plonk(a)charite.de
 | 
Pages: 1
Prev: local delivery, relay from local subnet: SOLVED
Next: Postfix ignoring my smtpd_helo_* config??