Brian Evans - Postfix List wrote:
Noel Jones wrote:
Brian Evans - Postfix List wrote:
I want a single account to only accept NDRs. Other email should be
rejected.
Would the following work correctly?
smtpd_recipient_restrictions:
...
check_recipient_access hash:/etc/postfix/receieve_only
...
/etc/postfix/receieve_only:
[EMAIL PROTECTED] check_sender_access
hash:/etc/postfix/ndr_senders
/etc/postfix/ndr_senders:
<> OK
* REJECT This mailbox is not available.
Your logic is correct, but hash: maps don't support a wildcard entry.
Use a regexp: or pcre: map type instead.
/^<>$/ OK
/^/ REJECT mailbox not available
I've tried to implement this and it does not seem to work properly. Any
advice?
mail_version = 2.4.6
postconf -n:
alias_maps = hash:/etc/postfix/aliases,
hash:/var/lib/mailman/data/aliases,
proxy:mysql:/etc/postfix/mysql-virtual-aliases.cf
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
bounce_size_limit = 1
config_directory = /etc/postfix
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = .maildir/
inet_interfaces = localhost, example.com
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain, $mydomain
myhostname = mx1.example.com
mynetworks = !192.168.123.4, 192.168.123.0/24, 127.0.0.0/8
myorigin = $mydomain
parent_domain_matches_subdomains =
proxy_interfaces = 69.48.33.25
smtpd_authorized_xclient_hosts = localhost
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_milters = unix:/var/amavis/amavisd-milter.sock
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination, check_recipient_access
hash:/etc/postfix/receieve_only, check_recipient_access
hash:/etc/postfix/reject_old_redirect, reject_unlisted_recipient,
reject_non_fqdn_recipient, check_client_access
cidr:/etc/postfix/postfix-dnswl-permit, reject_unknown_client_hostname,
check_policy_service inet:127.0.0.1:12525, check_recipient_access
pcre:/etc/postfix/sender_access.pcre
smtpd_restriction_classes = ndr_only
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
pcre:/etc/postfix/sender_access.pcre, check_sender_access
hash:/etc/postfix/blacklisted_senders
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
swap_bangpath = no
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf
ndr_only = check_recipient_access hash:/etc/postfix/ndr_senders,reject
That needs to be check_sender_access
--
Noel Jones
$ cat /etc/postfix/ndr_senders
<> OK
$ cat /etc/postfix/receieve_only
[EMAIL PROTECTED] ndr_only
Log:
Aug 20 12:36:41 mx1 postfix/smtpd[7408]: NOQUEUE: reject: RCPT from
raven.securenet-server.net[207.45.186.82]: 554 5.7.1
<[EMAIL PROTECTED]>: Recipient address rejected: Access denied;
from=<> to=<[EMAIL PROTECTED]> proto=SMTP
helo=<raven.securenet-server.net>
