From: Jeroen Geilman on 30 May 2010 16:02
On 05/30/2010 09:29 PM, Noel Jones wrote:
> On 5/30/2010 6:58 AM, Jeroen Geilman wrote:
>> On 05/30/2010 01:29 PM, Jarrod Neven wrote:
>>> I am trying to setup restriction to prevent selected users from
>>> sending email externally. I have followed the "Restricting what users
>>> can send mail to off-site destinations" guide at
>>> http://www.postfix.net/RESTRICTION_CLASS_README.html but it is not
>>> having any effect.
>> Then you have not put the restrictions in the correct order, or you are
>> lacking restrictions that are required to make it work.
>>> It appears that no matter what I do smtpd_recipient_restrictions has
>>> no effect. Have set the hash file to an invalid file and created
>>> syntax errors and there are no error messages in the log, even set
>>> smtpd_recipient_restrictions = reject and it did nothing.
>> smtpd_recipient_restrictions is the LAST restriction class to be
>> applied. if mail was accepted before then, REJECTing it here does
> Incorrect. *Each* smtpd_*_restrictions section must evaluate to OK or
> permit. Just because you OK a client in smtpd_client_restrictions
> doesn't give them a free ride in smtpd_recipient_restrictions.
Bah. This trips me up every time.
> So if you're going to speculate, pick something better.
It wasn't speculation. It was knee-jerk.
> For a better guess, we need to see log entries of the transaction.
That's what I should have asked.
From: mouss on 30 May 2010 17:29
Jarrod Neven a �crit :
> I am trying to setup restriction to prevent selected users from sending
> email externally. I have followed the "Restricting what users can send
> mail to off-site destinations" guide at
> http://www.postfix.net/RESTRICTION_CLASS_README.html but it is not
> having any effect.
> It appears that no matter what I do smtpd_recipient_restrictions has no
> effect. Have set the hash file to an invalid file and created syntax
> errors and there are no error messages in the log, even set
> smtpd_recipient_restrictions = reject and it did nothing.
> In maser.cf I have added -v -v to the smtpd process and it shows no
> mention of the value smtpd_recipient_restrictions, looks like it is
> ignored completely.
> Is anything that can prevent smtpd_recipient_restrictions from working?
> Maybe a compiled option missing?
> I have postfix 2.5.1 on centos 64bit
> #postconf -n
> config_directory = /etc/postfix
> mail_owner = postfix
> setgid_group = postdrop
> smtpd_client_restrictions = check_sender_access
> smtpd_delay_reject = no
this is not recommended. when you use it, you are on your own.
> smtpd_recipient_restrictions = check_sender_access
this doesn't work. you should see a warning in your logs.
if it worked, you'd be an open relay unless your check_sender_access
rejects all mail.
anyway, look at your master.cf. you may have overriden your smtpd
> smtpd_restriction_classes = local_only
> smtpd_sender_restrictions = check_sender_access
> virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf
> virtual_gid_maps = static:12
> virtual_mailbox_base = /var/vmail
> virtual_mailbox_domains =
> virtual_mailbox_limit_maps =
> virtual_mailbox_maps =
> virtual_minimum_uid = 101
> virtual_transport = dovecot
> virtual_uid_maps = static:101
From: Michael Orlitzky on 31 May 2010 12:02
On 05/31/2010 08:15 AM, Jarrod Neven wrote:
> The non verbose version:
> ay 31 22:03:50 DKPADMMAIL1 postfix/postfix-script: starting the
> Postfix mail system
> May 31 22:03:50 DKPADMMAIL1 postfix/master: daemon started -- version
> 2.5.1, configuration /etc/postfix
> May 31 22:04:30 DKPADMMAIL1 postfix/pickup: 39EBD5D806B: uid=48
> May 31 22:04:30 DKPADMMAIL1 postfix/cleanup: 39EBD5D806B:
> May 31 22:04:30 DKPADMMAIL1 postfix/qmgr: 39EBD5D806B:
> from=<test1(a)corp.letsengage.com>, size=677, nrcpt=1 (queue active)
> May 31 22:04:34 DKPADMMAIL1 postfix/smtp: 39EBD5D806B:
> relay=gmail-smtp-in.l.google.com[22.214.171.124]:25, delay=4.2,
> delays=0.11/0.01/2.6/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK 1275307474
> May 31 22:04:34 DKPADMMAIL1 postfix/qmgr: 39EBD5D806B: removed
smtpd_foo_restrictions only apply to mail received by smtpd (e.g.
somebody connects on port 25 and begins mashing the keyboard). When you
send mail via the sendmail command, the Postfix pickup daemon steals it
and feeds it into cleanup directly.