Rocco Scappatura a écrit :
> Mouss,
>
>>> [snip]
>>>
>>> :-D
>>>
>>> [snip]
>> dogs ate logs?
>>
>
> Very cool from you.. as usual!
>
> You have won a prize.. :-) <-- Is it ok so? ;-)
>
depends on what the prize is :)
>> - show logs that prove what you claimed
>
> Feb 1 06:02:50 av5 postfix/smtpd[32172]: NOQUEUE: reject: RCPT from
> unknown[83.103.67.197]: 550 5.1.1 <st...@receiver.tld: Recipient address
> rejected: undeliverable address: host
> srvmailvb.domain.intranet[10.36.20.100] said: 550 5.1.1 User unknown (in
> reply to RCPT TO command); from=<> to=<st...@receiver.tld> proto=ESMTP
> helo=<clus2.istge.it>
>
so the sender is "<>". see below.
>> - show 'postmap -q' results (for all the keys that postfix uses. see the
>> man page of access for the lookup order).
>
> Cound you instruct me about the order postfix applies the restrictions
> (you can see "postconf" output in my previous email.. Thanks.)
>
From
http://www.postfix.org/access.5.html
in the EMAIL ADDRESS PATTERNS section, the order is:
u...@domain
domain.tld
user@
so you would do
# postmap -q j...@domain.example proxy:mysql:/....
# postmap -q domain.example proxy:mysql:/....
# postmap -q joe@ proxy:mysql:/....
> Anyway,
>
> # postmap -q st...@receiver.tld
> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
> REJECT
>
>> you also need to make your mind: the subject contains
>> "check_client_access". your question was about "check_sender_access",
>
> OK. Sorry I have wrong my subject..
>
>> and your explanation was about a "receiver". That's 3 different things...
>
> So.. What I have to do to block a message based on the receiver?
>
check_recipient_access.
>> PS. it would be safer to put your check_sender_access in
>> smtpd_sender_restrictions so that an error in your sql query doesn't
>> make you an open relay.
>
> Why is safer? Could have any side effect in my configuration? Thanks.
>
it's ok if you don't return "OK" in your map (Annie, are you OK?). but
one day, you'll be tired and you'll add an entry to your map...
this is why it is generally safer to put check_*_access after
reject_unauth_destination in smtpd_recipient_restrictions, or to put
them in other restrictions (latter if you want them to apply to both
inbound and outbound mail).
