Helo, I would like that authentified users and users from my network could send email to wrong adresses because it could be worse to find a wrong address if the mail is rejected at the smtp connection.
# postconf -n address_verify_sender = [email protected] alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases bounce_size_limit = 50000 broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix disable_vrfy_command = yes empty_address_recipient = MAILER-DAEMON hash_queue_depth = 1 hash_queue_names = deferred defer incoming hold header_checks = regexp:/etc/postfix/rules/header_checks html_directory = no mail_owner = postfix mailbox_size_limit = 250000000 mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man message_size_limit = 250000000 milter_default_action = tempfail milter_protocol = 6 mydestination = $myhostname, localhost, localhost.$mydomain mydomain = sipr-dc.ucl.ac.be myhostname = smtp1.sgsi.ucl.ac.be mynetworks = 127.0.0.0/8,10.0.0.0/8,130.104.0.0/16,192.168.128.0/17,193.190.89.0/24 newaliases_path = /usr/bin/newaliases parent_domain_matches_subdomains = debug_peer_list mynetworks queue_directory = /var/spool/postfix readme_directory = no relay_domains = hash:/etc/postfix/relais/relay_domains relay_recipient_maps = hash:/etc/postfix/relais/transport hash:/etc/postfix/relais/virtual_relais hash:/etc/postfix/relais/virtual_aliases sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtpd_banner = $myhostname ESMTP smtpd_client_connection_rate_limit = 20 smtpd_client_message_rate_limit = 300 smtpd_client_recipient_rate_limit = 1000 smtpd_data_restrictions = check_sender_access hash:/etc/postfix/rules/check_backscatterer smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040 smtpd_hard_error_limit = ${stress?3}${stress:20} smtpd_helo_required = yes smtpd_helo_restrictions = check_client_access hash:/etc/postfix/rules/access check_recipient_access pcre:/etc/postfix/rules/listes_client_access permit_mynetworks permit_sasl_authenticated reject_invalid_hostname check_client_access hash:/etc/postfix/rules/helo_whitelist check_recipient_access hash:/etc/postfix/rules/roleaccount_exceptions reject_non_fqdn_hostname check_client_access hash:/etc/postfix/files_access/spammers check_helo_access pcre:/etc/postfix/rules/helo_checks check_sender_mx_access cidr:/etc/postfix/rules/bogus_mx_checks permit smtpd_milters = unix:/var/run/clamav/milter-clamav.socket local:/var/run/milter/milter-spiff.socket smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_non_fqdn_sender check_recipient_access hash:/etc/postfix/rules/ucllouvain check_recipient_access hash:/etc/postfix/rules/invalid check_recipient_access hash:/etc/postfix/rules/phishing_reply_adresses permit_sasl_authenticated permit_mynetworks reject_unlisted_recipient reject_unknown_recipient_domain reject_unauth_destination reject_multi_recipient_bounce check_recipient_access hash:/etc/postfix/rules/roleaccount_exceptions check_client_access cidr:/etc/postfix/rules/hi-med-dnswl-header check_client_access cidr:/etc/postfix/rules/hi-med-dnswl-permit check_sender_access hash:/etc/postfix/rules/sender_whitelist check_client_access hash:/etc/postfix/rules/client_whitelist check_sender_access pcre:/etc/postfix/rules/pcre_sender_whitelist check_recipient_access hash:/etc/postfix/rules/recipient_whitelist reject_rbl_client zen.dnsbl reject_rbl_client sip.invaluement.dnsbl reject_rbl_client cbl.abuseat.org reject_rbl_client bl.spamcop.net reject_rbl_client safe.dnsbl.sorbs.net permit_auth_destination reject smtpd_restriction_classes = must_be_valid_squirrel_sender restrict_list_client_access restrict_list_sender_accesrestrict_list_cluster_access smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = check_recipient_access pcre:/etc/postfix/rules/listes_sender_access check_client_access hash:/etc/postfix/rules/squirrel_ip check_sender_access hash:/etc/postfix/rules/access permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain check_sender_access hash:/etc/postfix/rules/stluc check_client_access hash:/etc/postfix/rules/access reject_unknown_sender_domain smtpd_soft_error_limit = ${stress?1}${stress:10} smtpd_tls_CAfile = /etc/postfix/ssl/ct_root.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/ssl/smtp.sgsi.ucl.ac.be-cert.pem smtpd_tls_key_file = /etc/postfix/ssl/smtp.sgsi.ucl.ac.be-key.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/var/spool/postfix/.cache/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/relais/transport hash:/etc/postfix/relais/virtual_relais unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/relais/virtual_aliases In smtpd_recipient_restrictions, I have put the lines permit_sasl_authenticated permit_mynetworks before reject_unlisted_recipient but when I send an email from 10.1.5.2 (within my networks) I get the following in the logfile : Nov 16 19:32:31 smtp-1 postfix/smtpd[8626]: connect from smtp-2.sipr-dc.ucl.ac.be[10.1.5.2] Nov 16 19:32:43 smtp-1 postfix/smtpd[8626]: NOQUEUE: reject: RCPT from smtp-2.sipr-dc.ucl.ac.be[10.1.5.2]: 550 5.1.1 <[email protected]>: Recipient address rejected: User unknown in relay recipient table; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<smtp2.sgsi.ucl.ac.be> Nov 16 19:32:51 smtp-1 postfix/smtpd[8626]: disconnect from smtp-2.sipr-dc.ucl.ac.be[10.1.5.2] What's wrong ? Thanks -- Pascal
