On 11/7/2017 9:40 AM, Seb wrote:
>
> Hello,
>
>
>>> I run a small publishing company and for the sake of easing
>>> communication between authors (who work in teams) I have provided
>>> each of them with a local alias. Typically, mail sent to
>>> <firstname>.<lastname>@<mydomain> is redirected to
>>> <firstname>.<lastname>@gmail.com, the usual email address of the
>>> author.
>> You can use a postfix policy service such as postfwd to create a
>> list of allowed senders for some particular recipient. This isn't
>> difficult, but will require manual intervention anytime a change
>> is needed. Postfwd may be kinda old, but is still widely used.
>> http://postfwd.org/
>
> (Reminder: my aim is to allow emails for our site's users only if
> the emails come from a certain dynamic list of addresses. It's a
> tool to Filter Unauthorized Communications with Keyholes, or in
> short, let's call it f.u.c.k.)
>
> I looked at the three solutions hinted at by Noel Jones. Postfwd was
> closest to my needs but it seemed more straightforward to use
> Postfix' SMTP Access Policy Delegation, which is mentioned in
> Postfwd's own documentation. To this end I closely followed the
> instructions provided by the documentation:
> http://www.postfix.org/SMTPD_POLICY_README.html#client_config
>
> In master.cf I added the lines
>   # service type private unpriv chroot wakeup maxproc command
>   + args
>   policy unix - n n - 0 spawn
>   user=nobody argv=/home/seb/sandra/bin/fuck
> (I tried writing this on 1 line or on 2 lines.)
>
> In main.cf I extended smtpd_recipient_restrictions to:
>   smtpd_recipient_restrictions =
>   reject_invalid_helo_hostname,
>   [...]
>   check_policy_service inet:127.0.0.1:10023,
>   check_policy_service unix:/home/seb/sandra/bin/fuck,
>   permit
> and, as the doc instructed, I also added:
>   policy_time_limit = 3600
>
> As for the Perl script that would decide whether an email should go
> through or not, for testing purposes I simply wrote:
>   #!/usr/bin/perl
>   print "action=dunno\n\n";
>
> I then did a "chmod a+x" on /home/seb/sandra/bin/fuck and a "postfix
> reload"; my postfix version is 2.11 (Debian 8).
>
> This setup is as close to the documentation as I can make it. Yet I
> have missed something because /var/log/mail.log says:
> Nov 7 13:51:17 ns3358511 postfix/smtpd[14177]: warning: connect to
> /home/seb/sandra/bin/fuck: No such file or directory
> Nov 7 13:51:17 ns3358511 postfix/smtpd[14177]: warning: problem
> talking
> to server /home/seb/sandra/bin/fuck: No such file or directory
>
> although the file really exists:
>   ~>ls -l /home/seb/sandra/bin/fuck
>   -rwxr-xr-x 1 seb seb 2880 Nov 7 16:31 /home/seb/sandra/bin/fuck
>
> The problem could very well be something simple or so self-evident
> that it was not deemed necessary to write it in the documentation.
>
> I toyed with this as much as I dared on a live system, and still
> have no clue what the message in mail.log really means.
>
> Any help figuring this out would be very much appreciated, thank you!
>
>
> Kind regards,
> Sébastien.

My first guess is
http://www.postfix.org/DEBUG_README.html#no_chroot

  -- Noel Jones
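
An added example, not part of the thread and not Postfix or postfwd code: a small policy service in Python for the per-recipient sender allow-list discussed above. It speaks the name=value request/response protocol from SMTPD_POLICY_README over stdin/stdout, the way a spawn(8)-started script is expected to: read attributes up to an empty line, answer with one action, and keep serving further requests on the same connection. The ALLOWED table and all addresses are constructed sample data.

```python
#!/usr/bin/env python3
import sys

# Constructed sample data: protected recipient alias -> senders allowed to write to it.
ALLOWED = {
    "jane.doe@example.org": {"john.roe@example.org", "editor@example.org"},
}

def parse_request(lines):
    """Collect name=value attributes of one request; an empty line ends it."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\n")
        if line == "":
            break
        name, sep, value = line.partition("=")
        if sep:                      # ignore malformed lines without '='
            attrs[name] = value
    return attrs

def decide(attrs, allowed=ALLOWED):
    """Return the access(5)-style action for one parsed request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "dunno"
    recipient = attrs.get("recipient", "").lower()
    sender = attrs.get("sender", "").lower()
    if recipient not in allowed:
        return "dunno"               # not a protected alias: later restrictions decide
    if sender in allowed[recipient]:
        return "dunno"               # allowed sender: do not short-circuit other checks
    return "reject Sender not authorized for this recipient"

def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests until the client closes the connection (EOF)."""
    while True:
        attrs = parse_request(iter(stream_in.readline, ""))
        if not attrs:
            break
        stream_out.write("action=%s\n\n" % decide(attrs))
        stream_out.flush()           # the SMTP server is waiting for this reply

if __name__ == "__main__":
    serve()
```

The `sender` attribute is the envelope address the client supplied in MAIL FROM, so this check filters on the claimed sender only.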