On 2/5/2015 4:35 PM, wie...@porcupine.org (Wietse Venema)
<wie...@porcupine.org (Wietse Venema)> wrote:
> Charles Marcus:
>> Ok, Can't seem to figure this out...
>>
>> I want to block sending to certain domains - in this case, a domain that
>> is typod...
>>
>> Googling suggests this should work:
>>
>> smtpd_relay_restrictions = check_recipient_access
>> ${hash}/blacklisted_domains, permit_sasl_authenticated,
>> permit_mynetworks, reject
>>
>> blacklisted_domains contains
>> exemple.com REJECT did you mean 'exAmple.com'?
>>
>> But querying the map only works for the plain TLD, not for email
>> addresses for the TLD.
> check_recipient_access automatically makes queries for the email
> address, the domain, and more. See access(5).
>
>> # postmap -q exemple.com hash:/etc/postfix/maps/hash/blacklisted_domains
>> REJECT did you mean 'exAmple.com'?
>>
>> # postmap -q recipi...@exemple.com
>> hash:/etc/postfix/maps/hash/blacklisted_domains
>>
>> What am I missing?
> The postmap command does not automatically make related queries for
> email address, domain name, and more. You have make the related
> queries yourself.
>
> postmap cannot figure out by itself that you want to query an access
> map. It needs help. For example, to simulate the queries in
> header/body_checks, you specify "postmap -mh" or "postmap -mb".
Ok... but... this sounds like you are saying that it is expected that my
simple postmap -q test would fail, but that someone attempting to relay
an email to anyth...@exemple.com shoudl get REJECTed?
That is not the case:
> 2015-02-05T16:39:25-05:00 myserver postfix-587/smtpd[11726]:
> D8C9C824CA762: client=XXX[192.168.1.110], sasl_method=PLAIN,
> sasl_username=validu...@example.com
> 2015-02-05T16:39:25-05:00 myserver postfix/cleanup[11019]:
> D8C9C824CA762: message-id=<54d3e30d.1020...@example.com>
> 2015-02-05T16:39:25-05:00 myserver postfix/qmgr[10695]: D8C9C824CA762:
> from=<validu...@example.com>, size=697, nrcpt=1 (queue active)
> 2015-02-05T16:39:30-05:00 myserver postfix/smtp[11944]: D8C9C824CA762:
> to=<someth...@exemple.com>,
> relay=159-63-145-2.rcimx.com[208.80.204.36]:25, delay=4.3,
> delays=0.02/0/0.23/4, dsn=2.0.0, status=sent (250 OK)
> 2015-02-05T16:39:30-05:00 myserver postfix/qmgr[10695]: D8C9C824CA762:
> removed
But, the postmap -q test does at least show that it is accessing the map...
postconf -n shows that the check_recipient_access test is in the right
place:
# postconf -n | grep relay_restrictions
smtpd_relay_restrictions = check_recipient_access
${hash}/blacklisted_domains, permit_sasl_authenticated,
permit_mynetworks, check_client_access ${cidr}/allowed_clients.cidr, reject
