Thanks for trying to help, Viktor, but I don't think this configuration will work for me. Let me try to explain; when I made my original post, others on the list were somewhat surprised regarding my intent.
This relay isn't so much a relay as a choke point. The test network I support is subject to tight quotas regarding traffic on the corporate email system. I need all mail discarded unless it meets the following conditions:

- All mail relays for hosts listed in client_access
- Mail from hosts not listed in client_access is subject to sender/recipient restrictions
- If a sender is allowed (rare), recipients are evaluated, and either relayed (even rarer) or discarded

-----Original Message-----
From: Victor Duchovni [mailto:victor.ducho...@morganstanley.com]
Sent: Thursday, December 30, 2010 12:45 PM
To: Larsen, Michael W.
Cc: postfix-users@postfix.org
Subject: Re: Relay restrictions

On Thu, Dec 30, 2010 at 12:17:57PM -0600, michael.lar...@wellsfargo.com wrote:

> > # See what addresses are allowed to relay as senders.
> > # Check them against allowed recipients in recipient_access
> > # under smtpd_restriction_classes.
> > check_sender_access hash:/etc/postfix/sender_access
> >
> Viktor said:
>
> "This makes you an open relay for forged sender addresses."
>
> Yes, Noel made me aware of that risk when answering the original query, I
> just don't know what to do about it and maintain the basic functionality of
> what I'm trying to achieve (see below).
>

Not *a risk*, rather an inevitable, and difficult to recover from exploit.
DO NOT base relay access on envelope sender address information, it is
trivially forged.

Upthread:

    I need a way to implement "check_sender_access_AND_check_recipient_access"

Your problem is almost certainly best solved by using each of the multiple
restriction lists to check each of the required conditions.

    cidr = cidr:${config_directory}/
    indexed = ${default_database_type}:${config_directory}/

    smtpd_client_restrictions =
        check_client_access ${cidr}allowed-clients,
        check_client_access static:discard

    smtpd_sender_restrictions =
        check_sender_access ${indexed}allowed-senders,
        check_client_access static:discard

    # The default is likely fine:
    smtpd_recipient_restrictions =
        check_recipient_access ${indexed}allowed-recipients,
        check_client_access static:discard,
        #
        # At least one reject by default rule is required in
        # smtpd_recipient_restrictions, defeat the logic by
        # listing permit, then reject. In reality permit = discard.
        #
        permit, reject

With this all mail is discarded unless all the conditions below are met:

    - From an allowed SMTP client (IP address CIDR table)
    - From an allowed envelope sender (indexed via postmap lookup table)
    - To an allowed envelope recipient (indexed via postmap lookup table)

-- 
    Viktor.
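
Added example, not part of the original thread and not Postfix code: a simplified Python model of how the three restriction lists in the quoted configuration combine, showing why the client list is what stops a forged envelope sender. The table contents, addresses and function names are constructed for illustration; the model assumes that OK or DISCARD ends the current list, DUNNO falls through to the next restriction, and DISCARD flags the whole message.

```python
import ipaddress

# Constructed sample contents for the three lookup tables (assumptions).
ALLOWED_CLIENTS = ["192.0.2.0/28"]              # allowed-clients (cidr)
ALLOWED_SENDERS = {"tester@lab.example"}        # allowed-senders (indexed)
ALLOWED_RECIPIENTS = {"qa-lead@corp.example"}   # allowed-recipients (indexed)

def client_access(msg):
    ip = ipaddress.ip_address(msg["client"])
    hit = any(ip in ipaddress.ip_network(net) for net in ALLOWED_CLIENTS)
    return "OK" if hit else "DUNNO"

def sender_access(msg):
    return "OK" if msg["sender"].lower() in ALLOWED_SENDERS else "DUNNO"

def recipient_access(msg):
    return "OK" if msg["recipient"].lower() in ALLOWED_RECIPIENTS else "DUNNO"

def static_discard(msg):
    return "DISCARD"    # static:discard answers DISCARD for every lookup

# One inner list per smtpd_*_restrictions parameter, in evaluation order.
# The trailing "permit, reject" is omitted: static:discard always ends the list first.
THREE_LISTS = [
    [client_access, static_discard],
    [sender_access, static_discard],
    [recipient_access, static_discard],
]
WITHOUT_CLIENT_LIST = THREE_LISTS[1:]   # sender and recipient checks only

def evaluate(msg, lists):
    """Return 'relay' or 'discard' for one envelope."""
    discard = False
    for restrictions in lists:
        for check in restrictions:
            result = check(msg)
            if result == "DUNNO":
                continue        # no match: try the next restriction in this list
            if result == "DISCARD":
                discard = True  # message is flagged; later lists cannot undo it
            break               # OK or DISCARD ends this list, the next list still runs
    return "discard" if discard else "relay"

# Constructed envelopes: same sender and recipient, different client address.
LEGIT = {"client": "192.0.2.5", "sender": "tester@lab.example",
         "recipient": "qa-lead@corp.example"}
FORGED = dict(LEGIT, client="203.0.113.9")   # unlisted host using an allowed sender

if __name__ == "__main__":
    for name, msg in (("legit", LEGIT), ("forged", FORGED)):
        print(name, evaluate(msg, THREE_LISTS), evaluate(msg, WITHOUT_CLIENT_LIST))
```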