master.cf:
~~~~
127.0.0.1:27 inet n - n - - smtpd
-o syslog_name=postfix/$service_name
-o smtpd_delay_reject=no
-o smtpd_sender_restrictions=pcre:/etc/postfix/senders_cgp.pcre,reject_non_fqdn_sender,reject
~~~~~
/etc/postfix/senders_cgp.pcre:
/^\S+\@vdk\.ru$/ OK
/^\S+\@hak\.vdk\.ru$/ OK
/^<>$/ OK
/.*/ reject
the postfix received mail from a sender with an incomplete address:
/etc/postfix > telnet 127.0.0.1 27
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hak.vdk.ru ESMTP Postfix
mail from: w.w
250 2.1.0 Ok
rset
250 2.0.0 Ok
mail from: w.w@invalid.domain
554 5.7.1 <w.w@invalid.domain>: Sender address rejected: Access denied
rset
250 2.0.0 Ok
mail from: w.w
250 2.1.0 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
after the order of checks was changed everything worked as I need
master.cf:
~~~~
127.0.0.1:27 inet n - n - - smtpd
-o syslog_name=postfix/$service_name
-o smtpd_delay_reject=no
-o smtpd_sender_restrictions=reject_non_fqdn_sender,pcre:/etc/postfix/senders_cgp.pcre,reject
/etc/postfix > telnet 127.0.0.1 27
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hak.vdk.ru ESMTP Postfix
mail from: w.w
504 5.5.2 <w.w>: Sender address rejected: need fully-qualified address
rset
250 2.0.0 Ok
mail from: w...@ya.com
554 5.7.1 <w...@ya.com>: Sender address rejected: Access denied
rset
250 2.0.0 Ok
mail from: w...@vdk.ru
250 2.1.0 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.
I returned the order of checks to its original state, but I wrote only one rule in the senders_cgp.pcre file:
/^(.+)$/ reject "$1"
after that
/etc/postfix > telnet 127.0.0.1 27
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 hak.vdk.ru ESMTP Postfix
mail from: w.w
554 5.7.1 <w.w>: Sender address rejected: "w...@hak.vdk.ru"
quit
221 2.0.0 Bye
Connection closed by foreign host.
it was found out that the postfix always, regardless of the remote_header_rewrite_domain,
local_header_rewrite_clients settings, during the smtpd_sender_restrictions check,
adds the value of the $myhostname variable to the incomplete sender address. Moreover, $myhostname is taken only from the file main.cf ,
option -o myhostname= in master.cf ignored. And if the very first check of the sender's address is not "reject_non_fqdn_sender", $myhostname will be added to the incomplete sender's address from main.cf . Maybe this behavior of the postfix is documented somewhere? Or did I miss something?
Regards, Alexander
_______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
