Re: problems with authorized_submit_users

Tue, 28 Jun 2011 22:18:20 -0700 

On Tue, Jun 28, 2011 at 06:54:57PM +0200, Bartłomiej Solarz-Niesłuchowski wrote:
> W dniu 2011-06-28 03:12, mouss pisze:
> >Le 27/06/2011 21:14, Bartłomiej Solarz-Niesłuchowski a écrit :
> >>Good mornig!
> >>
> >>We want to block any mail locally seded from apache account.
> >>
> >>Many years ago we set in main.cf:
> >>authorized_submit_users = !apache,static:all
> >>but after upgrading postfix from 2.7.4 to  2.8.3
> >>this option suddenly stop working.
[snip most of irrelevant bounce message]
> >><43keratintrea...@gmail.com>: host gmail-smtp-in.l.google.com[74.125.39.27]
> >>      said: 550-5.1.1 The email account that you tried to reach does not 
> >> exist.
snip
> >Read this again. Google refused your email. nothing to do with
> >authorized_submit_users.
> yes correct but this mail was submitted via
> 
> X-Postfix-Sender: rfc822;apa...@dervish.wsisiz.edu.pl
> 
> and this is the problem.....
> 
> 
> >>Reporting-MTA: dns; dervish.wsisiz.edu.pl
> >>X-Postfix-Queue-ID: 55683C54256
> >>X-Postfix-Sender: rfc822;apa...@dervish.wsisiz.edu.pl
> >>Arrival-Date: Mon, 27 Jun 2011 20:41:15 +0200 (CEST)
> >>
> >>Final-Recipient: rfc822;43keratintrea...@gmail.com
> >>Original-Recipient:rfc822;43keratintrea...@gmail.com
> >>Action: failed
> >>
> >>Does somebody has clue why it stop working?

You still have not provided the information that Noel has asked for. 
Show *proof* that "authorized_submit_users = !apache,static:all", and 
that the apache account submitted this via sendmail(1).

I'll repeat the URL Noel gave you:
    http://www.postfix.org/DEBUG_README.html#mail
Do not post again without "postconf -n" and the logs showing the 
origin of Queue-ID: 55683C54256 on Mon, 27 Jun 2011 20:41:15 +0200 
(CEST). Complete, non-verbose logs for that message, or for another 
one which demonstrates the same problem.

Frankly, what you are doing strikes me as similar (if you'll forgive 
an idiom) to closing the barn door after the horse has gone. If your 
apache account has been compromised, you have a horse on the loose.

Go chase that horse! Postfix is a lesser problem.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

Reply via email to