On 05.11.24 21:11, Florian Piekert via Postfix-users wrote:
submission is done via postfix. Auth is against dovecot mechanism with ...sasl_type=dovecot ...sasl_auth_enable=yes ...sasl_path=private/auth in master.cf.

So now back to SMTP restriction classes perhaps. Thanks for this 
pointer/keyword!

I found "something" on server fault and the pf readme, but I seem to be too 
slow in understanding and piecing things together.

If I understood correctly, I need to have a "list" containing the "jailed" 
user1@domain_AB. Let's call it restricted_senders as in the pf docs.

---8<---
#
user1@domain_AB    local_only
---8<---

I have added it in my main.cf (I add smtpd_client_restrictions for 
completeness, perhaps there is the issue in the combined setup?):
---8<---
...
smtpd_client_restrictions = permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_pipelining,
   check_client_access    btree:$meta_directory/client_checks,
   check_sender_access    btree:$meta_directory/sender_access,
   check_sender_mx_access cidr:$meta_directory/access_mx,
   check_sender_ns_access cidr:$meta_directory/access_ns,
   check_sender_access    btree:$meta_directory/rhsbl_sender_domain_exceptions,
   check_sender_access    btree:$meta_directory/reject_unverified_sender_exceptions,
   reject_rbl_client      hostkarma.junkemailfilter.com=127.0.0.2,
   reject_rbl_client      zen.spamcop.net,
   reject_rbl_client      bl.spamcop.net,
   reject_rhsbl_client    hostkarma.junkemailfilter.com=127.0.0.2,
   reject_invalid_helo_hostname,
   reject_invalid_hostname,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   Permit
#
smtpd_recipient_restrictions = permit_mynetworks,
   check_sender_access btree:$meta_directory/restricted_senders,
   reject_unauth_destination,
   reject_unknown_recipient_domain,
   reject_unlisted_recipient,
   check_policy_service   inet:[127.0.0.1]:10023,
   check_recipient_access regexp:$meta_directory/recipient_checks.regexp,
   check_recipient_access btree:$meta_directory/recipient_checks,
   reject_non_fqdn_recipient
#
smtpd_restriction_classes = local_only
local_only = check_recipient_access btree:/etc/postfix/local_domains, reject
...
---8<---

But testing it, it doesn't work. Any helping hand here?

Check these conditions:

1. the smtpd_client_restrictions and smtpd_recipient_restrictions are often overridden in master.cf for "submission" and "smtps (submissions)" services

2. If the sender is in your $mynetworks, the
"check_sender_access btree:$meta_directory/restricted_senders"
is skipped because the first rule "permit_mynetworks" returns.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
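
The two conditions from the reply can be checked mechanically. The following is an added example, not part of the thread or of Postfix: it reads `-o` overrides per service from a master.cf fragment and reports which permit rules run ahead of the `restricted_senders` lookup in the effective list. The master.cf fragment is constructed, and the parser assumes `-o name=value` arguments written without spaces.

```python
import re

# Constructed master.cf fragment (not from the thread): the submission service
# replaces main.cf's smtpd_recipient_restrictions with its own list.
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
"""
# Start of the main.cf list posted in the thread.
MAIN_CF_RCPT = ("permit_mynetworks, check_sender_access "
                "btree:$meta_directory/restricted_senders, reject_unauth_destination")
PARAM = "smtpd_recipient_restrictions"

def master_overrides(text):
    """Map 'service/type' -> {param: value} for each '-o name=value' argument."""
    out, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                # continuation of the current entry
            words = line.split()
        else:                                # new entry: 7 fields, then command
            fields = line.split()
            current = out.setdefault(f"{fields[0]}/{fields[1]}", {})
            words = fields[8:]
        for flag, arg in zip(words, words[1:]):
            if flag == "-o" and "=" in arg and current is not None:
                name, value = arg.split("=", 1)
                current[name] = value
    return out

def permits_before(restrictions, table):
    """Permit rules evaluated before check_sender_access on `table`; None if absent."""
    tokens = [t for t in re.split(r"[,\s]+", restrictions) if t]
    permits, i = [], 0
    while i < len(tokens):
        if tokens[i].startswith("check_"):   # check_* rules take one argument
            arg = tokens[i + 1] if i + 1 < len(tokens) else ""
            if tokens[i] == "check_sender_access" and arg.endswith(table):
                return permits
            i += 1
        elif tokens[i].startswith("permit"):
            permits.append(tokens[i])
        i += 1
    return None

def diagnose(service, master_cf=SAMPLE_MASTER_CF):
    """Return (where the effective list comes from, permits ahead of the lookup)."""
    override = master_overrides(master_cf).get(service, {}).get(PARAM)
    source = "master.cf" if override is not None else "main.cf"
    effective = override if override is not None else MAIN_CF_RCPT
    return source, permits_before(effective, "/restricted_senders")
```

A result of `None` means the service never consults the table at all; a non-empty list names the permit rules that can end evaluation before the sender lookup is reached.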