below my working configuration in the hope somebody saves time and energy

On 17.04.2011 18:56, Sahil Tandon wrote:
> On Sun, 2011-04-17 at 17:59:35 +0200, Reindl Harald wrote:
>
>> one of my guesses would be
>> query = select 'OK' from dbma_mta where mydestination='%d';
>
> To accomplish your goal (as far as I understand it), instead of
> returning OK for known domains, the query should return REJECT when a
> sender domain is *not* in mydestination.

yes, yes and yes again - thank you - oh how nice :-)

Apr 17 18:56:39 arrakis postfix/smtpd[4732]: NOQUEUE: reject: RCPT from unknown[10.0.0.6]: 554 5.7.1 <reindl.har...@gmail.com>: Sender address rejected: Access denied; from=<reindl.har...@gmail.com> to=<reindl.har...@gmail.com> proto=ESMTP helo=<www.rhsoft.net>

cool, i do not know why "local_recipient_maps" is needed which has not
a full list of all addresses, but it is accepted and non listed addresses
can be used too, perfectly since i will only restrict domain
______________________________

Here the postfix-configuration:

proxy_read_maps = proxy:unix:passwd.byname
 proxy:mysql:/etc/postfix/mysql-mydestination.cf
 proxy:mysql:/etc/postfix/mysql-recipients.cf
 proxy:mysql:/etc/postfix/mysql-senderaccess.cf
mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf
transport_maps = proxy:mysql:/etc/postfix/mysql-mydestination.cf
local_recipient_maps = proxy:mysql:/etc/postfix/mysql-recipients.cf
smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/mysql-senderaccess.cf

[root@arrakis:~]$ cat /etc/postfix/mysql-senderaccess.cf
user = senderlist
password = *****
dbname = dbmail
hosts = inet:10.0.0.15:3306 inet:10.0.0.120:3307
query = select 'REJECT' as action from dbma_mta where ((select count(*) from dbma_mta where mydestination='%d') < 1) limit 1;

[root@arrakis:~]$ cat /etc/postfix/mysql-mydestination.cf
user = senderlist
password = *****
dbname = dbmail
hosts = inet:10.0.0.15:3306 inet:10.0.0.120:3307
query = select 'smtp:mail.thelounge.net' as transport from dbma_mta where mydestination='%s';

[root@arrakis:~]$ cat /etc/postfix/mysql-recipients.cf
user = senderlist
password = *****
dbname = dbmail
hosts = inet:10.0.0.15:3306 inet:10.0.0.120:3307
query = select alias from dbma_recipients where alias='%s';
______________________________

"transport" in "dbma_mta" is overwritten because it is enough to know
the main-server accept a domain and relay it

mysql> show fields from dbma_mta;
+---------------+--------------+------+-----+---------+-------+
| Field         | Type         | Null | Key | Default | Extra |
+---------------+--------------+------+-----+---------+-------+
| mydestination | varchar(35)  | NO   | PRI |         |       |
| transport     | varchar(100) | NO   |     | NULL    |       |
+---------------+--------------+------+-----+---------+-------+

"dbma_recipients" is a view on the main-machine with only a user-list

mysql> show fields from dbma_recipients;
+-------+--------------+------+-----+---------+-------+
| Field | Type         | Null | Key | Default | Extra |
+-------+--------------+------+-----+---------+-------+
| alias | varchar(255) | NO   |     |         |       |
+-------+--------------+------+-----+---------+-------+

>> but since this is a production system and since some hours i have a
>> big luck that everytime i try something no messages are sent because
>> of sunday :-)
>
> I can empathize with that. :)

thank you :-)

yes, i know normally i should test this on my local machine
but this one has a mirror-config from the main-server i will
not damage....
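The sender-access lookup from the message above, as an added example that is not part of the original post: it runs the posted query against an in-memory SQLite stand-in for dbma_mta and compares it with a variant for the case where the table is empty. `make_db`, `sender_access` and `VARIANT_QUERY` are hypothetical names, SQLite replaces MySQL here, and the listed domains are constructed sample data.

```python
import sqlite3

# The posted sender-access query, with Postfix's %d replaced by a bound parameter.
PAGE_QUERY = ("select 'REJECT' as action from dbma_mta where "
              "((select count(*) from dbma_mta where mydestination=?) < 1) limit 1")
# Hypothetical variant (not from the post): it does not select from dbma_mta
# rows, so it still answers when the table is empty. In MySQL it would be
# written with "from dual".
VARIANT_QUERY = ("select 'REJECT' as action where not exists "
                 "(select 1 from dbma_mta where mydestination=?)")


def make_db(domains):
    """In-memory stand-in for the dbma_mta table shown in the message."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table dbma_mta (mydestination varchar(35) primary key, "
                 "transport varchar(100) not null default '')")
    conn.executemany("insert into dbma_mta (mydestination) values (?)",
                     [(d,) for d in domains])
    return conn


def sender_access(conn, sender, query=PAGE_QUERY):
    """Return the access action for a sender address, or None for 'no result'.

    Models only the full-address lookup: %d is the domain part of user@domain,
    and mysql_table(5) suppresses the query when the key has no domain part.
    """
    _local, sep, domain = sender.rpartition("@")
    if not sep or not domain:
        return None
    row = conn.execute(query, (domain,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    populated = make_db(["thelounge.net", "rhsoft.net"])  # constructed sample rows
    empty = make_db([])                                   # constructed empty table
    for label, conn in (("populated", populated), ("empty", empty)):
        for sender in ("user@rhsoft.net", "someone@gmail.com"):
            print(label, sender,
                  sender_access(conn, sender),
                  sender_access(conn, sender, VARIANT_QUERY))
```

With an empty table the posted query yields no row, which check_sender_access treats as no match, so no sender is rejected.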