> On 01/21/2011 11:20 PM, Condor wrote:
>>
>> # postconf smtpd_recipient_restrictions
>>
>> smtpd_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated,  reject_unauth_destination,
>> check_helo_access
>> hash:/etc/postfix/helo_checks,  check_sender_access
>> hash:/etc/postfix/helo_checks,  check_recipient_access
>> pcre:/etc/postfix/recipient_checks.pcre,  reject_invalid_hostname,
>> reject_unauth_pipelining,  reject_non_fqdn_sender,
>> reject_unknown_sender_domain,  reject_non_fqdn_recipient,
>> reject_unknown_recipient_domain,  reject_unlisted_sender,
>> reject_rhsbl_client dbl.spamhaus.org,  reject_rhsbl_sender
>> dbl.spamhaus.org,  reject_rbl_client relays.ordb.org,  reject_rbl_client
>> b.barracudacentral.org,  reject_rbl_client cbl.abuseat.org,
>> reject_rbl_client dyna.spamrats.com,  reject_rbl_client bl.spamcop.net,
>> reject_rbl_client zen.spamhaus.org,  reject_rbl_client opm.blitzed.org,
>> reject_rbl_client dnsbl.njabl.org,  reject_rbl_client dnsbl.sorbs.net,
>> reject_rbl_client db.wpbl.info,  permit
>>
>>
>> I changed my RBL lists and will see whether they work, but this
>> check_recipient_access pcre:/etc/postfix/recipient_checks.pcre still
>> does not work. I changed my file as you told me:
>> /^@/            REJECT 550 Invalid address format.
>> /[!%@].*@/      REJECT 550 This server disallows weird address syntax.
>> /^postmaster@/  OK
>> /^hostmaster@/  OK
>> /^abuse@/       OK
>> /^nobody@/      REJECT 550 User is unknow.
>>
>> I reloaded the postfix configuration once, and after that I can still
>> receive email to the nobody mailbox.
>> I can't find why it isn't working. Any advice on what I can do? I changed
>> check_recipient_access to hash:/etc/postix/block, which contains
>> nob...@my-domain.com REJECT Go away, postmap and reload, but again it
>> does not work. The server just passes the mail to nobody.
>>
>
> What are the contents of the file /etc/postfix/helo_checks?  Your server
> also does not reject on the restrictions reject_non_fqdn_sender,
> reject_unknown_sender_domain, or reject_non_fqdn_recipient.  Something
> is generating an 'OK' or 'permit' result prior to those checks.  Maybe
> it's time you provided your current postconf -n output, as well as the
> full contents of access maps you're using.
>
> Also, replacing your 'OK' results in your access maps with
> permit_auth_destination may be safer in case you accidentally move them
> after reject_unauth_destination again in the future.
>
> -Mike
>

Here is my configuration from postconf -n

alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 0
message_size_limit = 30720000
myhostname = mail.my-domain.com
mynetworks = 46.40.123.212/32 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
proxy_read_maps = $local_recipient_maps $mydestionation
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,  permit_sasl_authenticated, 
reject_invalid_helo_hostname,  reject_unknown_helo_hostname, 
reject_non_fqdn_helo_hostname,  permit
smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated,  reject_unauth_destination,  check_helo_access
hash:/etc/postfix/helo_checks,  check_sender_access
hash:/etc/postfix/helo_checks,  check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre,  reject_invalid_hostname, 
reject_unauth_pipelining,  reject_non_fqdn_sender, 
reject_unknown_sender_domain,  reject_non_fqdn_recipient, 
reject_unknown_recipient_domain,  reject_unlisted_sender, 
reject_rhsbl_client dbl.spamhaus.org,  reject_rhsbl_sender
dbl.spamhaus.org,  reject_rbl_client relays.ordb.org,  reject_rbl_client
b.barracudacentral.org,  reject_rbl_client cbl.abuseat.org, 
reject_rbl_client dyna.spamrats.com,  reject_rbl_client bl.spamcop.net, 
reject_rbl_client zen.spamhaus.org,  reject_rbl_client opm.blitzed.org, 
reject_rbl_client dnsbl.njabl.org,  reject_rbl_client dnsbl.sorbs.net, 
reject_rbl_client db.wpbl.info,  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/mail.my-domain.com.pem
smtpd_tls_cert_file = /etc/postfix/ssl/mail.my-domain.com.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.my-domain.com.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
  proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf,  
proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:1005
virtual_mailbox_base = /var/spool/postmail
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,  
proxy:mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:1004


And here is the content of the helo_check file:

domain1.com                       REJECT You are not in domain1.com
domain2.net                        REJECT You are not in domain2.net
my-domain.com                      REJECT You are not in my-domain.com
domain3.com                     REJECT You are not in domain3.com

# Somebody HELO'ing with our IP address?
192.168.1.2                     REJECT You are not 192.168.1.2

# Somebody HELO'ing as "localhost?"  Impossible, we're "localhost"
localhost                       REJECT You are not me


-- 
Regards,
Condor
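
Added example, not part of the original thread and not Postfix code: a small Python model of first-match-wins evaluation of `smtpd_recipient_restrictions`, using the `recipient_checks.pcre` rules posted above. It shows how an earlier permit result stops a later `check_recipient_access` from being consulted, and why Mike's `permit_auth_destination` suggestion is safer than `OK` if the map ever ends up ahead of `reject_unauth_destination`. Assumptions: `LOCAL_DOMAINS`, the outside client address 203.0.113.9 and the `MISORDERED` list are constructed, and only three restrictions are modelled.

```python
import re

# Constructed model of first-match-wins evaluation; not Postfix source code.
MYNETWORKS = {"46.40.123.212", "127.0.0.1"}   # exact IPs only, simplified from postconf -n
LOCAL_DOMAINS = {"my-domain.com"}             # assumed content of the MySQL domain map

# recipient_checks.pcre as posted in the thread (pcre tables ignore case by default)
RECIPIENT_PCRE = [
    (r"^@", "REJECT"), (r"[!%@].*@", "REJECT"),
    (r"^postmaster@", "OK"), (r"^hostmaster@", "OK"),
    (r"^abuse@", "OK"), (r"^nobody@", "REJECT"),
]

def pcre_lookup(rcpt, ok_action="OK"):
    """First matching pattern wins; ok_action replaces the map's OK results."""
    for pattern, action in RECIPIENT_PCRE:
        if re.search(pattern, rcpt, re.IGNORECASE):
            return ok_action if action == "OK" else action
    return "DUNNO"

def auth_destination(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def evaluate(restrictions, client_ip, rcpt, ok_action="OK"):
    """Return (decision, deciding restriction); the first definite result ends the list."""
    for name in restrictions:
        if name == "permit_mynetworks":
            result = "OK" if client_ip in MYNETWORKS else "DUNNO"
        elif name == "reject_unauth_destination":
            result = "DUNNO" if auth_destination(rcpt) else "REJECT"
        elif name == "check_recipient_access":
            result = pcre_lookup(rcpt, ok_action)
            if result == "permit_auth_destination":
                result = "OK" if auth_destination(rcpt) else "DUNNO"
        else:
            result = "DUNNO"                  # restriction not modelled here
        if result != "DUNNO":
            return result, name
    return "OK", "permit"                     # the posted list ends with an explicit permit

# Order as posted in the thread, reduced to the modelled restrictions.
POSTED = ["permit_mynetworks", "reject_unauth_destination", "check_recipient_access"]
# Constructed mis-ordering: the access map placed before reject_unauth_destination.
MISORDERED = ["permit_mynetworks", "check_recipient_access", "reject_unauth_destination"]

if __name__ == "__main__":
    print(evaluate(POSTED, "46.40.123.212", "nobody@my-domain.com"))
    print(evaluate(POSTED, "203.0.113.9", "nobody@my-domain.com"))
    print(evaluate(MISORDERED, "203.0.113.9", "postmaster@elsewhere.example"))
    print(evaluate(MISORDERED, "203.0.113.9", "postmaster@elsewhere.example",
                   ok_action="permit_auth_destination"))
```

On a live server, `postmap -q "nobody@my-domain.com" pcre:/etc/postfix/recipient_checks.pcre` shows what the table itself returns for an address, independent of where it sits in the restriction list.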
