Re: check_client_access

Sun, 01 Feb 2009 06:10:35 -0800 


Mouss,

>>> and your explanation was about a "receiver". That's 3 different
>>> things...
>>
>> So.. What I have to do to block a message based on the receiver?
>>
>
> check_recipient_access.
>
>>> PS. it would be safer to put your check_sender_access in
>>> smtpd_sender_restrictions so that an error in your sql query doesn't
>>> make you an open relay.
>>
>> Why is safer? Could have any side effect in my configuration? Thanks.
>>
>
> it's ok if you don't return "OK" in your map (Annie, are you OK?). but
> one day, you'll be tired and you'll add an entry to your map...
>
> this is why it is generally safer to put check_*_access after
> reject_unauth_destination in smtpd_recipient_restrictions, or to put
> them in other restrictions (latter if you want them to apply to both
> inbound and outbound mail).

This is the restictions in my main.cf file:

smtpd_client_restrictions =
    check_client_access
proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf

smtpd_helo_restrictions =
smtpd_sender_restrictions =

smtpd_recipient_restrictions =
    check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
    check_recipient_access
proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
    check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    permit_mynetworks
    permit_sasl_authenticated
    check_policy_service inet:127.0.0.1:54000
    reject_unauth_destination
.
.
.

How do I have to modify it so that I could block an email address either
if is the sender or one of the recipients, AND either if the message is
incoming or outgoing?

Maybe so (assuming that the action will never be "OK")...

smtpd_client_restrictions =
    check_client_access
proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf

smtpd_helo_restrictions =
smtpd_sender_restrictions =
    check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
    check_recipient_access
proxy:mysql:/etc/postfix/mysql-check-sender-access.cf

smtpd_recipient_restrictions =
    check_recipient_access
proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
    check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    permit_mynetworks
    permit_sasl_authenticated
    check_policy_service inet:127.0.0.1:54000
    reject_unauth_destination
.
.
.

Or you have another configuration to propose the is safer?

rocsca























					Reply via email to