Re: QUESTION about 'reject_sender_login_mismatch'

Tue, 26 Jan 2010 15:43:16 -0800 

Коньков Евгений a écrit :
> Hello, Postfix-users.
> 
> 1. which option cause to warn:
>  reject_unknown_sender_domain reject_sender_login_mismatch 
> reject_unverified_sender
>  ?
> It will be cleaner if:
> ... Sender address rejected by 'reject_sender_login_mismatch' ...
> 

the three reject_* that yoi cited cause different rejection messages, so
there is no ambiguity once you know which says what.

> 2. and why it is warn if I am an authenticated user?
> 

because you have
        warn_if_reject reject_sender_login_mismatch

> 
> Jan 27 00:40:05 kes postfix/smtpd[81143]: connect from unknown[10.10.16.18]
> Jan 27 00:40:05 kes dovecot: auth(default): client in: AUTH     1       
> CRAM-MD5        service=smtp    nologin
> Jan 27 00:40:05 kes dovecot: auth(default): client out: CONT    1       
> PDc5NjIxMjAzODg4ODg1NjkuMTI2NDU0NTYwNUBrZXMubmV0LnVhPg==
> Jan 27 00:40:05 kes dovecot: auth(default): client in: CONT     1       
> a2VzQGtlcy5uZXQudWEgOTU0NjcxZjA1YThkZTgxMzg3OWFlMDc4NGJhNTQyOWI=
> Jan 27 00:40:05 kes dovecot: auth(default): passwd-file(asdf): lookup: 
> user=kes file=/usr/local/etc/postfix/users/asdf/mailboxes
> Jan 27 00:40:05 kes dovecot: auth(default): password(asdf): Credentials: 
> 5ac863f0b34f7a3062b61ad8491ff1291fa1cc2ef57c3bed63c85348107694b1
> Jan 27 00:40:05 kes dovecot: auth(default): client out: OK      1  user=asdf
> Jan 27 00:40:05 kes postfix/smtpd[81143]: NOQUEUE: reject_warning:
> RCPT from unknown[10.10.16.18]: 553 5.7.1 <asdf>: Sender address rejected: 
> not owned by user asdf;from=<asdf> to=<e...@some.domain.com> proto=ESMTP 
> helo=<HOMEUSER>
> Jan 27 00:40:05 kes postfix/smtpd[81143]: 70ABC33C42: 
> client=unknown[10.10.16.18], sasl_method=CRAM-MD5, sasl_username=asdf
> 
> config file:
> 
> smtpd_helo_required = yes
> smtpd_reject_unlisted_sender = yes
> #smtpd_helo_restrictions = reject_unknown_helo_hostname
> #smtpd_client_restrictions = permit_mynetworks, reject
> smtpd_sender_restrictions =
>     warn_if_reject reject_unknown_sender_domain
>     warn_if_reject reject_sender_login_mismatch
>     warn_if_reject reject_unverified_sender
> smtpd_data_restrictions = reject_unauth_pipelining
> 
> 
> 
> #smtpd_client_restrictions =
> #    check_client_access hash:/usr/local/etc/postfix/access
> 
> smtpd_recipient_restrictions =
>     check_recipient_access hash:/usr/local/etc/postfix/access

put this elsewhere (such as under smtpd_sender_restrictions.. avoid
check_* before rject_unauth_destination, because an error will make you
relay mail that you wouldn't want to relay.


>     permit_mynetworks
>     permit_sasl_authenticated
>     reject_unauth_destination
>     warn_if_reject reject_unknown_recipient_domain
>     warn_if_reject reject_unverified_recipient
> 
> 
>

Reply via email to