Re: Blocking with smtpd_client_restrictions

Tue, 23 Jun 2009 13:49:54 -0700 

On Jun 23, 2009, at 4:22 PM, Jon <jo...@iotk.net> wrote:
I have postfix on a debian Linux (lenny, ESXi virtual) machine handling inbound traffic for a couple domains on Microsoft Exchange 2003. I am using transport_maps and getadsmtp.pl for my recipient list which seem to work fine. The questions I have are related to smtpd_client_restrictions. 


smtp1:/etc/postfix# postconf -n | grep smtpd_client_restrictions
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/access_hash,
check_client_access regexp:/etc/postfix/access_regexp,
reject_unknown_reverse_client_hostname,
reject_unknown_client_hostname


Show all 'postconf -n' instead of snippets for more thorough debugging.


smtp1:/etc/postfix# cat access_hash
.it REJECT 554 Access denied

smtp1:/etc/postfix# cat access_regexp
/gaoland\.net/


My questions:
1) Are two check_client_access statements as I have in smtp_client_restrictions legal? 

Yes.


and
2) If yes to 1, assuming I've grepped the mail.log correctly, should this have gotten past the .it block in the access_hash check? If not, what might be changed to block .it?
You're trying to block an entire TLD. See the access(5) manual, especially the section on lookups from indexed files. You might want to try "it" as a lookup key instead of ".it", given the likely inclusion of smtpd_access_maps in your configuration's parent_domain_matches_subdomains. 


smtp1:/etc/postfix# grep 93.34.55.54 /var/log/mail.log
Jun 23 14:07:24 smtp1 postfix/smtpd[17911]: connect from 93-34-55-54.ip48.fastwebnet.it[93.34.55.54] Jun 23 14:07:25 smtp1 postfix/smtpd[17911]: 4379695C08: client=93-34-55-54.ip48.fastwebnet.it[93.34.55.54] Jun 23 14:07:25 smtp1 postfix/smtpd[17911]: 4379695C08: client=93-34-55-54.ip48.fastwebnet.it[93.34.55.54] Jun 23 14:07:26 smtp1 postfix/cleanup[17916]: 4379695C08: message- id=<8632386099.20081111180...@nextnature.net> Jun 23 14:07:26 smtp1 postfix/qmgr[17407]: 4379695C08: from=<robertbreakagemar...@nextnature.net >, size=608, nrcpt=5 (queue active) Jun 23 14:07:26 smtp1 postfix/smtp[17917]: 4379695C08: to=<myu...@domain.org >, relay=x.x.x.x[x.x.x.x]:25, delay=1.2, delays=1/0/0/0.18, dsn=2.6.0, status=sent (250 2.6.0 <8632386099.20081111180...@nextnature.net > Queued mail for delivery) Jun 23 14:07:26 smtp1 postfix/smtpd[17911]: disconnect from 93-34-55-54 .ip48.fastwebnet.it[93.34.55.54]

Reply via email to