Am 17.04.2011 17:50, schrieb Sahil Tandon: > On Sun, 2011-04-17 at 17:39:34 +0200, Reindl Harald wrote: > >> Am 17.04.2011 17:34, schrieb Sahil Tandon: >>> On Sun, 2011-04-17 at 17:18:04 +0200, Reindl Harald wrote: >>> >>>> why is "reject_unlisted_sender" before "permit_mynetworks" ignored? >>>> >>>> Apr 17 17:16:41 arrakis postfix/smtpd[31521]: B244136033: >>>> client=unknown[10.0.0.6] >>>> Apr 17 17:16:41 arrakis postfix/cleanup[31524]: B244136033: >>>> message-id=<d36654ef751260e1956332381f597...@www.rhsoft.net> >>>> Apr 17 17:16:41 arrakis postfix/qmgr[31508]: B244136033: >>>> from=<reindl.har...@gmail.com>, size=5272, nrcpt=1 (queue >>>> active) >>> >>> Do you expect reject_unlisted_sender to act on 'reindl.har...@gmail.com' >>> even though 'gmail.com' is not defined as one of your domains? >> >> exactly > > Then the reject_unlisted_sender access restriction is the wrong tool, > because it only acts on envelopes in which the sender domain is defined > in one of your domain classes. > >> everybody on this machine should can use the machines ip-addr as >> smtp-relay but only with domains listed on our main-server > > You could use check_sender_access to enforce specific sender domains.
It does not love me and allowing still gmail.com :-( smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-senderaccess.cf user = senderlist password = ***************** dbname = dbmail hosts = inet:10.0.0.15:3306 inet:10.0.0.120:3307 query = select 'OK' as action from dbma_mta where mydestination='%d'; mysql> select 'OK' from dbma_mta where mydestination='gmail.com'; Empty set (0.00 sec) mysql> select 'OK' as action from dbma_mta where mydestination='rhsoft.net'; +--------+ | action | +--------+ | OK | +--------+ 1 row in set (0.01 sec) mysql> select 'OK' as action from dbma_mta where mydestination='gmail.com'; Empty set (0.00 sec)
signature.asc
Description: OpenPGP digital signature
