On 01/21/2011 04:56 PM, Noel Jones wrote:
> On 1/21/2011 5:08 PM, Condor wrote:
>>
>> Hello,
>> I have Postfix 2.7.2 and I have a problem with restrictions. I set up
>> smtpd_recipient_restrictions; here is my main.cf config file:
>>
>> smtpd_recipient_restrictions =
>>    permit_mynetworks,
>>    permit_sasl_authenticated,
>>    check_helo_access hash:/etc/postfix/helo_checks,
>>    check_sender_access hash:/etc/postfix/helo_checks,
>>    check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
>>    reject_unauth_destination,
>>    reject_invalid_hostname,
>>    reject_unauth_pipelining,
>>    reject_non_fqdn_sender,
>>    reject_unknown_sender_domain,
>>    reject_non_fqdn_recipient,
>>    reject_unknown_recipient_domain,
>>    reject_unlisted_sender,
>>    reject_rhsbl_client blackhole.securitysage.com,
>>    reject_rhsbl_sender blackhole.securitysage.com,
>>    reject_rbl_client relays.ordb.org,
>>    reject_rbl_client blackholes.easynet.nl,
>>    reject_rbl_client cbl.abuseat.org,
>>    reject_rbl_client proxies.blackholes.wirehub.net,
>>    reject_rbl_client bl.spamcop.net,
>>    reject_rbl_client sbl.spamhaus.org,
>>    reject_rbl_client opm.blitzed.org,
>>    reject_rbl_client dnsbl.njabl.org,
>>    reject_rbl_client list.dsbl.org,
>>    reject_rbl_client multihop.dsbl.org,
>>    reject_rbl_client pbl.spamhaus.org,
>>    permit
>>
>> That file pcre:/etc/postfix/recipient_checks.pcre contains:
>> /^\@/           550 Invalid address format.
>> /[!%\@].*\@/    550 This server disallows weird address syntax.
>> /^postmaster\@/ OK
>> /^hostmaster\@/ OK
>> /^abuse\@/      OK
>> /^nobody\@/     REJECT
> 
> Don't escape the @ in pcre tables, i.e.:
> /^nobody@/ REJECT  nobody isn't here.
> 

Additionally, doesn't this configuration make the server in question an
open relay?  The recipient_checks.pcre file returns an OK when the RHS
of an email address is anything for an LHS of postmaster, hostmaster, and
abuse, and it immediately precedes reject_unauth_destination in
smtpd_recipient_restrictions.

What is the purpose of configuring recipient validation in such a
manner?  The OP would be better served by correctly configuring the
proper address classes.

-Mike
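
The ordering issue raised in the message above, as an added example that is not part of the original thread: a small Python model of first-match evaluation, not Postfix code. The domain names, `LOCAL_DOMAINS`, and the `REORDERED` list (reject_unauth_destination placed ahead of the recipient table) are assumptions made for illustration.

```python
import re

# Assumed stand-in for the domains this server is responsible for.
LOCAL_DOMAINS = {"example.com"}

# Rules from recipient_checks.pcre in the thread, with @ unescaped.
# The two 550 actions are modelled as REJECT.
RECIPIENT_CHECKS = [
    (r"^@", "REJECT"),
    (r"[!%@].*@", "REJECT"),
    (r"^postmaster@", "OK"),
    (r"^hostmaster@", "OK"),
    (r"^abuse@", "OK"),
    (r"^nobody@", "REJECT"),
]

def check_recipient_access(rcpt):
    """First matching pattern decides; no match means DUNNO (keep going)."""
    for pattern, action in RECIPIENT_CHECKS:
        # Postfix pcre tables match case-insensitively by default.
        if re.search(pattern, rcpt, re.IGNORECASE):
            return action
    return "DUNNO"

def reject_unauth_destination(rcpt):
    """REJECT unless the recipient domain is one we handle; never permits."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"

def evaluate(restrictions, rcpt):
    """Walk the list in order; the first OK or REJECT ends evaluation."""
    for check in restrictions:
        result = check(rcpt)
        if result != "DUNNO":
            return result
    return "OK"  # the trailing "permit" in the posted list

# Order as posted: recipient table first, relay check after it.
AS_POSTED = [check_recipient_access, reject_unauth_destination]
# Assumed alternative order: relay check first.
REORDERED = [reject_unauth_destination, check_recipient_access]

if __name__ == "__main__":
    for rcpt in ("postmaster@elsewhere.invalid", "postmaster@example.com",
                 "user@elsewhere.invalid", "nobody@example.com"):
        print(rcpt, evaluate(AS_POSTED, rcpt), evaluate(REORDERED, rcpt))
```

With the posted order, the OK for postmaster@ at a non-local domain ends evaluation before the relay check is reached; with the relay check first, the same recipient is rejected while local postmaster@ is still accepted.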
