Thank you Viktor for taking the time out to look at my issue and assist me with it. I do appreciate your time and patience.

On Dec 8, 2010, at 9:17 PM, Victor Duchovni wrote:

> On Wed, Dec 08, 2010 at 06:16:00PM -0800, cmallon wrote:
>
> The subject of your message is misleading and unfortunate. Postfix behaves exactly as configured.
>
>> smtpd_recipient_restrictions = reject_unauth_destination,
>
> You only accept mail for domains listed in mydestination, virtual_alias_domains, virtual_mailbox_domains, or relay_domains.

I'm not sure I understand. Are you saying that my values for mydestination, virtual_alias_domains, virtual_mailbox_domains or relay domains are responsible for my broken smtpd_recipient_restrictions? I have 4 postfix servers, this server is dedicated to only one client (my other servers run wonderfully).

>> check_recipient_access hash:/etc/postfix/recipient_blacklist,
>> <implicit_check_recipient_access> hash:/etc/postfix/perm_blacklist,
>> <implicit_check_recipient_access> hash:/etc/postfix/hold,
>
> You have three tables that further filter the recipient domain.
>
>> check_sender_access hash:/etc/postfix/sender_access,
>
> Then a table that filters the sender domain. Anything that makes it past this rule is accepted.
>
>> permit_sasl_authenticated, permit_mynetworks

I made some changes and removed check sender access and the hold tables, but the recipient restrictions are still not being honored.

> Then two pointless permit rules that serve no purpose at the end of the list, since the default is to permit if the end of the list is reached with no reject.
>
> --
> Viktor.

Here is the new postconf -n:

mail2:/var/spool/postfix root# postconf -n
2bounce_notice_recipient = postmaster
alias_maps = hash:/etc/aliases
always_bcc =
append_at_myorigin = no
enable_server_options = yes
html_directory = no
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
message_size_limit = 10240000
mydestination = $myhostname,localhost.$mydomain
mydomain = my_clientmail.my_company.com
mydomain_fallback = localhost
myhostname = my_clientmail
mynetworks = 127.0.0.1/32,10.1.0.0/16,192.168.3.0/24,172.16.0.0/12,10.1.18.24,192.168.0.0/16
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
notify_classes = bounce,protocol
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_destination_concurrency_limit = 50
smtpd_client_restrictions =
smtpd_enforce_tls = no
smtpd_pw_server_security_options = plain,login,cram-md5,gssapi
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_blacklist,hash:/etc/postfix/perm_blacklist,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_key_file =
smtpd_tls_loglevel = 0
smtpd_use_pw_server = yes
smtpd_use_tls = no
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_alias
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
debug_peer_list = 127.0.0.

I noticed the conversation regarding brevity this morning, so please pardon me if I'm providing too much information but I just want to be clear. I need my mail server to use an internal black list.

I have emails that should never leave my server:

I know this address is in the blacklist table:

mail2:/var/spool/postfix root# grep thewhiteroom...@tiscali.co.uk /etc/postfix/recipient_blacklist
thewhiteroom...@tiscali.co.uk reject
mail2:/var/spool/postfix root# grep thewhiteroom...@tiscali.co.uk /etc/postfix/perm_blacklist
thewhiteroom...@tiscali.co.uk reject

Yet here it is in my mail logs:

Dec 9 08:59:00 mail2 postfix/smtp[16933]: 0725C8E704FD: to=<thewhiteroom...@tiscali.co.uk>, relay=mxgb1.opaltelecom.net[62.24.139.61]:25, delay=14026, delays=14025/0.11/0.67/0.33, dsn=5.0.0, status=bounced (host mxgb1.opaltelecom.net[62.24.139.61] said: 550 #5.1.0 Address rejected thewhiteroom...@tiscali.co.uk (in reply to RCPT TO command))

Here is another that was actually sent:

mail2:/var/spool/postfix root# grep crafty_...@hotmail.com /etc/postfix/recipient_blacklist
crafty_...@hotmail.com reject
mail2:/var/spool/postfix root# grep crafty_...@hotmail.com /etc/postfix/perm_blacklist
crafty_...@hotmail.com reject

Dec 9 09:21:30 mail2 postfix/smtp[17661]: 0ACFE8E4392A: to=<crafty_...@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10027, conn_use=13, delay=23079, delays=23077/1.3/0.01/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 51E0B8ECA5FB)

The current state of my queues:

mail2:/var/spool/postfix root# ls -l
total 24
drwx------ 17 _postfix wheel 578 Dec 9 09:31 active
drwx------ 3 _postfix wheel 102 Dec 9 09:31 bounce
-rwxrwxrwx 1 root wheel 125 Nov 2 16:55 check
drwx------ 2 _postfix wheel 68 Aug 22 2005 corrupt
-rwxrwxrwx 1 root wheel 124 Dec 8 16:01 count
drwx------ 18 _postfix wheel 612 Nov 2 16:36 defer
drwx------ 18 _postfix wheel 612 Mar 16 2007 deferred
drwx------ 3 _postfix wheel 102 Nov 30 07:54 flush
drwx------ 2 _postfix wheel 68 Aug 22 2005 hold
drwx------ 46523 _postfix wheel 50602710 Dec 9 09:31 incoming
drwx------ 57617 _postfix wheel 57664578 Dec 6 12:50 incoming.1206
drwx------ 60089 _postfix wheel 6499474 Dec 6 22:36 incoming.old
-rwxrwxrwx 1 root wheel 572 Dec 8 20:51 mailbyUser
drwx-wx--- 2 _postfix _postdrop 68 Dec 9 08:58 maildrop
drwxr-xr-x 20 root wheel 680 Oct 19 18:10 pid
drwx------ 26 _postfix wheel 884 Dec 8 09:29 private
drwx--x--- 7 _postfix _postdrop 238 Dec 8 08:59 public
drwx------ 2 _postfix wheel 68 Aug 22 2005 saved
drwx------ 17 _postfix wheel 578 Nov 19 2009 trace
mail2:/var/spool/postfix root#
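
Added example, not part of the original message: smtpd_recipient_restrictions is evaluated by smtpd while a message is being received, and the two log lines above come from the smtp delivery agent, so a useful check is when each message entered the queue compared with when the blacklist went live. The sketch below parses those two lines; the year (2010, taken from the thread dates) and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# The two postfix/smtp lines quoted in the message (remote reply text trimmed).
LOG_LINES = [
    "Dec 9 08:59:00 mail2 postfix/smtp[16933]: 0725C8E704FD: "
    "to=<thewhiteroom...@tiscali.co.uk>, "
    "relay=mxgb1.opaltelecom.net[62.24.139.61]:25, delay=14026, "
    "delays=14025/0.11/0.67/0.33, dsn=5.0.0, status=bounced",
    "Dec 9 09:21:30 mail2 postfix/smtp[17661]: 0ACFE8E4392A: "
    "to=<crafty_...@hotmail.com>, relay=127.0.0.1[127.0.0.1]:10027, "
    "conn_use=13, delay=23079, delays=23077/1.3/0.01/1.1, dsn=2.0.0, "
    "status=sent",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+postfix/smtp\[\d+\]:\s+"
    r"(?P<qid>[0-9A-F]+):\s+to=<(?P<rcpt>[^>]*)>,.*?"
    r"\bdelay=(?P<delay>[\d.]+),\s+delays=(?P<delays>[\d./]+),.*?"
    r"\bstatus=(?P<status>\w+)"
)


def parse_delivery(line, year=2010):
    """Return queue ID, recipient, status and queue-entry time for one line.

    syslog timestamps carry no year, so it is passed in (assumed 2010 here).
    """
    m = LINE_RE.match(line)
    if m is None:
        return None  # not a postfix/smtp delivery record
    logged = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "queue_id": m["qid"],
        "recipient": m["rcpt"],
        "status": m["status"],
        "logged": logged,
        # delay= is the total time since the message entered the queue
        "queued_at": logged - timedelta(seconds=float(m["delay"])),
        # first delays= field: time spent before the queue manager took it
        "before_qmgr": float(m["delays"].split("/")[0]),
    }


def accepted_before(line, change_time, year=2010):
    """True if the message was already queued when the restriction changed."""
    rec = parse_delivery(line, year)
    return rec is not None and rec["queued_at"] < change_time
```

Pass `accepted_before` the time the blacklist tables were actually put into service; a message queued before that time was never checked against them at RCPT TO.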