On 17.04.2011 13:38, Reindl Harald wrote:
> hi
> 
> we are having a full-featured server and some internal relays
> for website-forms and such things with no restrictions
> 
> on the full-featured server is an existing mysql-view
> "dbma_recipients" with all addresses we would accept
> incoming mails including some "@domain.tld"
> 
> what would be the simplest way to restrict the sender on
> the relay-servers only to this list in a way that
> this overrides even "mynetworks" since only small
> number of hosts is allowed to use the relay-servers
> which are defined in "my_networks"
> 
> ____________________________
> 
> summary:
> 
> websites should use the relay-host as before without any
> restrictions / authentication but it should be permitted
> that anybody uses "some...@gmx.net" as sender

i tried something but it will not work
the sender-ip is "10.0.0.6" itself, relay on the webserver

mynetworks = 127.0.0.0/8, 10.0.0.0/24, 85.124.176.242, 85.124.176.243
inet_interfaces = 10.0.0.6
proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mydestination.cf
mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf
transport_maps = proxy:mysql:/etc/postfix/mysql-mydestination.cf
smtpd_reject_unlisted_sender = yes

senders from domains in "mydestination" are also rejected with
"unknown in local recipient table"
________________________________

mynetworks = 127.0.0.0/8, 10.0.0.0/24, 85.124.176.242, 85.124.176.243
inet_interfaces = 10.0.0.6
proxy_read_maps =
  proxy:mysql:/etc/postfix/mysql-mydestination.cf
  proxy:mysql:/etc/postfix/mysql-recipients.cf
mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf
transport_maps = proxy:mysql:/etc/postfix/mysql-mydestination.cf
local_recipient_maps = proxy:mysql:/etc/postfix/mysql-recipients.cf
smtpd_reject_unlisted_sender = yes
smtpd_recipient_restrictions =
  reject_non_fqdn_recipient
  reject_non_fqdn_sender
  reject_unlisted_sender
  permit_mynetworks
  reject_unauth_destination

nothing from 10.0.0.6 is rejected
why is "reject_unlisted_sender" before "permit_mynetworks" ignored?

Apr 17 17:16:41 arrakis postfix/smtpd[31521]: B244136033: client=unknown[10.0.0.6]
Apr 17 17:16:41 arrakis postfix/cleanup[31524]: B244136033: message-id=<d36654ef751260e1956332381f597...@www.rhsoft.net>
Apr 17 17:16:41 arrakis postfix/qmgr[31508]: B244136033: from=<reindl.har...@gmail.com>, size=5272, nrcpt=1 (queue active)
Apr 17 17:16:42 arrakis postfix/smtp[31525]: B244136033: to=<reindl.har...@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.79.27]:25, delay=0.68, delays=0.05/0.02/0.09/0.52, dsn=2.0.0, status=sent (250 2.0.0 OK 1303053402 q9si10339364eeh.5)
Apr 17 17:16:42 arrakis postfix/qmgr[31508]: B244136033: removed

"transport_maps" is used to get all mails to our own domains back to the
"full-featured" mailserver and override MX which points to spam-appliance
________________________________

cat /etc/postfix/mysql-mydestination.cf
user          = senderlist
password      = *****************
dbname        = dbmail
hosts         = inet:10.0.0.15:3306 inet:10.0.0.120:3307
query         = select 'smtp:mail.thelounge.net' as transport from dbma_mta where mydestination='%s';

cat /etc/postfix/mysql-recipients.cf
user          = senderlist
password      = *****************
dbname        = dbmail
hosts         = inet:10.0.0.15:3306 inet:10.0.0.120:3307
query         = select alias from dbma_recipients where alias='%s';
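
Added example, not part of the original post and not Postfix code: a simplified Python model of how an smtpd restriction list is evaluated, showing why a sender in a foreign domain passes "reject_unlisted_sender" (the check only applies to domains the server itself handles) while an explicit sender allowlist followed by "reject" does not let it through. The addresses, the `example.org` domain and the `check_sender_allowlist` rule (standing in for a `check_sender_access` lookup placed in `smtpd_sender_restrictions`) are assumptions; only `mydestination` is modelled as an address class.

```python
import ipaddress

# Constructed sample data; the real values live in the poster's MySQL views.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/24")]
MYDESTINATION = {"example.org"}      # stands in for the dbma_mta lookup
LISTED = {"office@example.org"}      # stands in for the dbma_recipients lookup

def reject_unlisted_sender(client, sender):
    # Only an address in a domain this server is the destination for can be
    # "unlisted"; any other domain has no recipient table to check against.
    domain = sender.rpartition("@")[2].lower()
    if domain in MYDESTINATION and sender.lower() not in LISTED:
        return "REJECT"
    return "DUNNO"

def permit_mynetworks(client, sender):
    ip = ipaddress.ip_address(client)
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def check_sender_allowlist(client, sender):
    # Hypothetical sender access table built from the same address list.
    return "OK" if sender.lower() in LISTED else "DUNNO"

def reject(client, sender):
    return "REJECT"

def evaluate(restrictions, client, sender):
    # Restrictions run in order; the first result other than DUNNO decides.
    for rule in restrictions:
        result = rule(client, sender)
        if result != "DUNNO":
            return result, rule.__name__
    return "OK", "end of list"

AS_POSTED = [reject_unlisted_sender, permit_mynetworks]
ALLOWLIST_THEN_REJECT = [check_sender_allowlist, reject]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED),
                        ("allowlist then reject", ALLOWLIST_THEN_REJECT)):
        for sender in ("someone@gmail.example", "ghost@example.org",
                       "office@example.org"):
            print(name, sender, evaluate(rules, "10.0.0.6", sender))
```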
