On 8/27/2014 12:37 PM, Alex wrote:
> Hi all,
> I'm using postfix-2.10.3 on fedora20 and having trouble with
> outbound mail getting rejected due to restrictions in my body_checks. I
> thought I had the ordering correct, but I apparently don't know how
> to allow mynetworks to be excluded from the body restrictions.

There is no bypass mechanism for header/body checks.


Alternatives include:

- edit or remove the offending rule.

- edit the master.cf submission service to add "-o
receive_override_options=no_header_body_checks" to completely
disable those checks on the submission port. This requires that all
local mail use the submission port and not the general purpose port
25 (a good idea regardless).
http://www.postfix.org/postconf.5.html#receive_override_options

- use multiple postfix instances to separate inbound and outbound
controls.
http://www.postfix.org/MULTI_INSTANCE_README.html

- Use one of the external postfix interfaces to do the checks in
some external software that has per user or per client controls.
Which method to use depends on your goals.
http://www.postfix.org/SMTPD_POLICY_README.html
http://www.postfix.org/CONTENT_INSPECTION_README.html



  -- Noel Jones
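
An added example, not part of the original message: a small Python check that reads master.cf text and reports, for each smtpd listener, whether it carries `receive_override_options=no_header_body_checks` and whether it also overrides `smtpd_client_restrictions` so that only trusted clients reach the unfiltered port. The sample master.cf, the `permit_mynetworks,reject` override and the function names are assumptions made for illustration.

```python
# Constructed master.cf sample (not the poster's file): port 25 keeps
# header/body checks; submission skips them and admits only mynetworks.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o receive_override_options=no_header_body_checks
  -o smtpd_client_restrictions=permit_mynetworks,reject
pickup    unix  n       -       n       60      1       pickup
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their service line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def smtpd_overrides(text):
    """Map 'service/type' -> {param: value} for every smtpd listener."""
    services = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        args, opts = fields[8:], {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, val = value.partition("=")
                opts[name] = val
        services[f"{fields[0]}/{fields[1]}"] = opts
    return services

def audit(text):
    """Return {service: (checks_bypassed, client_restricted)}.

    client_restricted is a heuristic: the per-service
    smtpd_client_restrictions override must end in 'reject'.
    """
    report = {}
    for svc, opts in smtpd_overrides(text).items():
        flags = opts.get("receive_override_options", "").split(",")
        bypass = "no_header_body_checks" in flags
        restricted = opts.get("smtpd_client_restrictions", "").endswith("reject")
        report[svc] = (bypass, restricted)
    return report
```

A listener that reports `(True, False)` skips header/body checks for every client that can connect to it, which is the case to look for after making this change.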


> 
> I've included my postconf output below, and hoped someone could help
> me understand where my configuration error is.
> 
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/postfix/aliases
> allow_mail_to_files = alias,forward
> always_bcc = bcc-user
> biff = no
> body_checks = regexp:/etc/postfix/body_checks.pcre
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> default_process_limit = 200
> delay_warning_time = 4h
> disable_vrfy_command = yes
> fallback_relay =
> header_checks = pcre:/etc/postfix/header_checks.pcre
> pcre:/etc/postfix/header_checks-jimsun.pcre
> html_directory = no
> inet_protocols = ipv4
> mail_owner = postfix
> mailbox_command = /usr/bin/procmail
> mailbox_size_limit = 0
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 2d
> message_size_limit = 24000000
> mime_header_checks = pcre:/etc/postfix/mime_header_checks
> mydestination = $myhostname, localhost.$mydomain
> mydomain = example.com
> myhostname = mail01.example.com
> mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24,
> 68.111.222.40/29
> newaliases_path = /usr/bin/newaliases
> postscreen_access_list = permit_mynetworks,
> cidr:/etc/postfix/postscreen_access.cidr
> postscreen_blacklist_action = drop
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_reply_map =
> pcre:$config_directory/postscreen_dnsbl_reply_map.pcre
> postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*3
> b.barracudacentral.org*2 list.dnswl.org=127.0.[2..14].[2..3]*-4
> postscreen_dnsbl_threshold = 3
> postscreen_greet_action = enforce
> postscreen_whitelist_interfaces = static:all 68.111.222.40/29
> queue_directory = /var/spool/postfix
> rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
> readme_directory = /usr/share/doc/postfix/README_FILES
> relay_domains = $mydestination, $transport_maps, example.com,
> cs.example.com, example.com
> sample_directory = /usr/share/doc/postfix/samples
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_client_restrictions = check_client_access
> cidr:/etc/postfix/client_access_blocklist
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
>          check_client_access
> hash:/etc/postfix/client_checks_special,  # client checks permitted
> before mynetworks
>          check_sender_access
> hash:/etc/postfix/sender_checks_special, # sender checks permitted
> before mynetworks
>          reject_non_fqdn_sender, reject_unlisted_recipient,
>          permit_mynetworks,
>          reject_unauth_destination, reject_unknown_sender_domain,
>          reject_unknown_recipient_domain,
>          reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
>          reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
>          reject_rhsbl_helo mykey.dbl.dq.spamhaus.net
>          check_helo_access pcre:/etc/postfix/helo_checks.pcre,
>          check_helo_access hash:/etc/postfix/helo_checks,
>          reject_invalid_helo_hostname,
>          check_policy_service inet:127.0.0.1:2501, # sqlgrey
>          check_client_access hash:/etc/postfix/client_checks,
>          check_sender_access hash:/etc/postfix/sender_checks,
>          check_recipient_access pcre:/etc/postfix/relay_recips_seg,
>          check_recipient_access pcre:/etc/postfix/relay_recips_access,
>          check_recipient_access pcre:/etc/postfix/prop_recip_map,
>          check_recipient_access pcre:/etc/postfix/recipient_checks,
>          check_recipient_access pcre:/etc/postfix/relay_recip_checks,
>          check_recipient_access
> pcre:/etc/postfix/relay_recips_ecartis, permit
> transport_maps = hash:/etc/postfix/transport
> virtual_alias_maps = hash:/etc/postfix/virtual,
> hash:/etc/postfix/virtual-seg
> 
> Thanks so much,
> Alex
> 
> 
> 
