Re: Block outgoing mails to a SMTP server
On 2014-04-08 19:32, Noel Jones wrote:
> On 4/8/2014 11:32 AM, Roberto Carraro wrote:
>> Hello,
>> for reasons that I still have to investigate my Postfix server is
>> sending mails to an outgoing server to the address:
>> zamu...@spyandfly.com
>> I would really like to know the content of those mails, if it is
>> possible...
>> Most important, how can I block mails to that address or to the
>> entire domain?
>
> I suspect these are bounces of undeliverable mail. The proper
> solution is to not accept mail you can't deliver.
>
> some random nuggets:
>
> Bounces generated by postfix are not subject to the normal access
> controls and cannot be blocked with an access map or header/body
> checks.
>
> Display the contents of the postfix queue with either of
> # mailq
> -- or --
> # postqueue -p
>
> View the contents of a message in the queue with the postcat command.
> # postcat -q QUEUEID | less
>
> You can delay mail in the queue by adding a transport_maps entry
> pointing to the defer: transport. Release the deferred mail with
> "postqueue -i QUEUEID"
>
> # main.cf
> transport_maps = hash:/etc/postfix/transport
>
> # transport
> example.com defer:
>
> -- Noel Jones

Thank you all for your support; I managed to catch one of the 'mysterious' outgoing mails.
They were user/password registrations for a web server (Dokuwiki) that I had still active on my host, even though I didn't use it anymore, and which I forgot to update.
Lesson learned.

bye
--
Roberto Carraro
socketmap -vs- tcp_table
What are the benefits of socketmap (postfix 2.10+) vs tcp_table?

And can I use socketmap with sender_dependent_default_transport_maps? i.e.

sender_dependent_default_transport_maps = socketmap:inet:127.0.0.1:

I'm struggling to understand what the documentation of socketmap refers to as "name" and the response's format. Any tips?

Thanks
Re: socketmap -vs- tcp_table
Marcus:
> What are the benefits of socketmap (postfix 2.10+) vs tcp_table?

tcp_table is Postfix-only. socketmap also works with Sendmail, and is a better protocol.

> And can I use socketmap with sender_dependent_default_transport_maps ?

You can use any Postfix table-driven feature with socketmap, as long as that feature is not security-sensitive (for example it is OK for access maps and routing, but it can't be used for local aliases because they may contain shell commands, and it can't be used for virtual uid/gid maps which specify execution privileges).

> I'm struggling to understand the what the documentation of socketmap
> refers to "name" and the response's format. Any tips?

The socketmap protocol requires that each query specifies a name. I suppose the idea is that one socketmap server can answer queries for databases with different names.

	Wietse
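The "name" and reply format discussed above, as an added example that is not part of the original thread and is not Postfix code: each socketmap request is a netstring holding "<name> <key>", and each reply is a netstring starting with a status word (OK, NOTFOUND, TEMP, TIMEOUT or PERM). The map names, addresses, transport value and the 100000-byte cap below are assumptions made for this sketch.

```python
import io

MAX_REQUEST = 100000  # assumption for this sketch: refuse longer requests


class ProtocolError(ValueError):
    """Malformed or oversized netstring."""


def encode_netstring(payload):
    """Frame bytes as '<length>:<payload>,'."""
    return str(len(payload)).encode("ascii") + b":" + payload + b","


def read_netstring(stream):
    """Read one netstring from a binary stream; return None on clean EOF."""
    digits = b""
    while True:
        ch = stream.read(1)
        if ch == b"" and not digits:
            return None                      # no more requests
        if ch == b":" and digits:
            break
        if not ch.isdigit() or len(digits) >= 6:
            raise ProtocolError("bad length prefix")
        digits += ch
    size = int(digits)
    if size > MAX_REQUEST:                   # check before reading the body
        raise ProtocolError("request too long")
    payload = stream.read(size)
    if len(payload) != size or stream.read(1) != b",":
        raise ProtocolError("truncated request")
    return payload


# Constructed sample tables, selected by the map name the client sends.
TABLES = {
    "sender_transport": {"counselor@example.edu": "smtp:[bulk.example.edu]:587"},
    "client_access": {"192.0.2.10": "REJECT"},
}


def answer(payload):
    """Turn one request payload ('<name> <key>') into one reply payload."""
    try:
        name, sep, key = payload.decode("utf-8").partition(" ")
    except UnicodeDecodeError:
        return b"PERM request is not UTF-8"
    if not sep:
        return b"PERM expected '<name> <key>'"
    table = TABLES.get(name)
    if table is None:
        return b"PERM unknown map name"      # one server, several named maps
    value = table.get(key)
    return b"NOTFOUND " if value is None else b"OK " + value.encode("utf-8")


def serve(stream):
    """Answer every request on the stream; stop at the first framing error."""
    replies = []
    while True:
        try:
            payload = read_netstring(stream)
        except ProtocolError as exc:
            replies.append(encode_netstring(b"PERM " + str(exc).encode("ascii")))
            break
        if payload is None:
            break
        replies.append(encode_netstring(answer(payload)))
    return replies


if __name__ == "__main__":
    wire = encode_netstring(b"sender_transport counselor@example.edu")
    wire += encode_netstring(b"sender_transport nobody@example.edu")
    for reply in serve(io.BytesIO(wire)):
        print(reply)
```

A real server would run serve-style logic over a socket's file object instead of io.BytesIO; the framing and the per-name dispatch stay the same.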
Sender based relaying
Because of compromised passwords that spammers are using to send high volumes of SPAM through our servers, I am using policyd to limit the number of emails a user can send in a given timeframe. The problem is that our marketing division (aka the Admissions Office) normally sends out high volumes of email to potential new students. We all have a specific server with Postfix configured to use a mailing service (Mandrill from MailChimp) and the largest numbers of emails, upwards of 10 to 15 thousand at a time, are routed through that server. But we also have individual Admission Counselors who send out mail merged messages under their own name.

Is there any way that I can configure postfix on our default server to relay messages from specific sender’s outgoing email through the server that’s configured to use Mandrill before the policy daemon sees them?

Below is the configuration that implements the check_policy_service:

smtpd_helo_restrictions =
smtpd_client_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    hash:/etc/postfix/protected_destinations,proxy:ldap:limittag
    check_client_access hash:/etc/postfix/client_checks
    check_policy_service inet:127.0.0.1:10031
    permit_mynetworks
    reject_unauth_destination
    reject_invalid_hostname
    reject_non_fqdn_recipient
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031

Barring the ability to do this in Postfix directly, is there any reliable front-end package that can examine the messages first and then decide whether to pass the message to the local copy of Postfix or relay the message to the Mandrill-configured server? I would need some way for this front-end to make its determination based on some sort of dynamic list (preferably ldap based).

Thanks,

Rob Tanner
UNIX Services Manager
Linfield College, McMinnville Oregon

ITS will never ask you for your password. Please don’t share yours with anyone!
check_client_access in smtpd_client_restrictions
I am running postfix 2.6.6 and trying to setup check_client_access using a mysql lookup under the smtpd_client_restrictions, which does not appear to be rejecting clients when the query returns "REJECT" (which has been confirmed to return "REJECT" using postmap -q xxx mysql:..). When I change it to look at a hash file with the same IP/REJECT entry it works perfectly, so I am wondering is using a mysql lookup not supported for check_client_access under smtpd_client_restrictions?
Re: check_client_access in smtpd_client_restrictions
On 4/15/2014 2:27 PM, List wrote:
> I am running postfix 2.6.6 and trying to setup check_client_access
> using a mysql lookup under the smtpd_client_restrictions, which does
> not appear to be rejecting clients when the query returns "REJECT"
> (which has been confirmed to return "REJECT" using postmap -q xxx
> mysql:..). When I change it to look at a hash file with the same
> IP/REJECT entry it works perfectly, so I am wondering is using a
> mysql lookup not supported for check_client_access under
> smtpd_client_restrictions?
>

Yes, it's supported. You've not given sufficient information for us to identify your mistake.

-- Noel Jones
Re: check_client_access in smtpd_client_restrictions
On 4/15/14, 2:50 PM, Noel Jones wrote:
> On 4/15/2014 2:27 PM, List wrote:
>> I am running postfix 2.6.6 and trying to setup check_client_access
>> using a mysql lookup under the smtpd_client_restrictions, which does
>> not appear to be rejecting clients when the query returns "REJECT"
>> (which has been confirmed to return "REJECT" using postmap -q xxx
>> mysql:..). When I change it to look at a hash file with the same
>> IP/REJECT entry it works perfectly, so I am wondering is using a
>> mysql lookup not supported for check_client_access under
>> smtpd_client_restrictions?
>
> Yes, it's supported. You've not given sufficient information for us
> to identify your mistake.
>
> -- Noel Jones

Hopefully this is what you're looking for.

postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_recipient_limit = 1000
default_process_limit = 1000
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_size_limit = 52224000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 52224000
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = server.domain.tld
mynetworks = $config_directory/mynetworks
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = relay.domain.tld
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_done_timeout = 900s
smtp_data_init_timeout = 900s
smtp_data_xfer_timeout = 900s
smtp_helo_timeout = 900s
smtp_mail_timeout = 900s
smtp_tls_note_starttls_offer = yes
smtpd_client_event_limit_exceptions = static:all
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/access_check.cf
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:1, check_client_access mysql:/etc/postfix/authb4smtp.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

postconf -m

btree
cidr
environ
hash
ldap
mysql
nis
pcre
proxy
regexp
static
unix

check_access.cf query:

SELECT COALESCE( (SELECT "REJECT" FROM harvesters h WHERE h.ip = '%s' AND h.added BETWEEN DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND NOW() GROUP BY h.ip HAVING COUNT(h.ip) > 1), "DUNNO")
Does it work on an air gapped intranet?
I'm looking for an MTA that will work on an air gapped intranet. If the network is small enough, can this be done w/out a DNS?
Re: check_client_access in smtpd_client_restrictions
On 4/15/2014 3:02 PM, List wrote:
> On 4/15/14, 2:50 PM, Noel Jones wrote:
>> On 4/15/2014 2:27 PM, List wrote:
>>> I am running postfix 2.6.6 and trying to setup check_client_access
>>> using a mysql lookup under the smtpd_client_restrictions, which does
>>> not appear to be rejecting clients when the query returns "REJECT"
>>> (which has been confirmed to return "REJECT" using postmap -q xxx
>>> mysql:..). When I change it to look at a hash file with the same
>>> IP/REJECT entry it works perfectly, so I am wondering is using a
>>> mysql lookup not supported for check_client_access under
>>> smtpd_client_restrictions?
>>>
>> Yes, it's supported. You've not given sufficient information for us
>> to identify your mistake.
>>
>> -- Noel Jones
>>
>
> Hopefully this is what you're looking for.
>
> postconf -n:
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> default_destination_recipient_limit = 1000
> default_process_limit = 1000
> html_directory = no
> inet_interfaces = all
> inet_protocols = all
> mail_owner = postfix
> mailbox_size_limit = 52224000
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 52224000
> mydestination = $myhostname, localhost.$mydomain, localhost
> myhostname = server.domain.tld
> mynetworks = $config_directory/mynetworks
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
> relayhost = relay.domain.tld
> sample_directory = /usr/share/doc/postfix-2.6.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_data_done_timeout = 900s
> smtp_data_init_timeout = 900s
> smtp_data_xfer_timeout = 900s
> smtp_helo_timeout = 900s
> smtp_mail_timeout = 900s
> smtp_tls_note_starttls_offer = yes
> smtpd_client_event_limit_exceptions = static:all
> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/access_check.cf
> smtpd_delay_reject = no
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:1, check_client_access mysql:/etc/postfix/authb4smtp.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
> smtpd_tls_auth_only = no
> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
> smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
>
> postconf -m
>
> btree
> cidr
> environ
> hash
> ldap
> mysql
> nis
> pcre
> proxy
> regexp
> static
> unix
>
> check_access.cf query:
>
> SELECT COALESCE( (SELECT "REJECT" FROM harvesters h WHERE h.ip = '%s' AND h.added BETWEEN DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND NOW() GROUP BY h.ip HAVING COUNT(h.ip) > 1), "DUNNO")
>

How are you testing this?

-- Noel Jones
Re: Does it work on an air gapped intranet?
On 15.04.2014 22:06, Angus March wrote:
> I'm looking for an MTA that will work on an air gapped intranet.
> If the network is small enough, can this be done w/out a DNS?

http://www.catb.org/esr/faqs/smart-questions.html

the medium does not matter

*what* is your goal?

a MTA without any DNS makes little sense, without a MX pointing to him it won't receive mails, without name resolution it won't be able to relay mails somewhere else

so if you only want to mail between a few people and never leave your own network - well then add the IP of the mailserver on the clients configs and you are done
Re: Does it work on an air gapped intranet?
On Tue, Apr 15, 2014 at 04:06:00PM -0400, Angus March wrote:

> I'm looking for an MTA that will work on an air gapped intranet. If the
> network is small enough, can this be done w/out a DNS?

Postfix works without DNS, and even (when not "improved" with vendor patches) without a network connection at all. To disable DNS in Postfix 2.11.0 or later:

    smtp_dns_support_level = none

With earlier Postfix versions:

    disable_dns_lookups = yes

I would still deploy DNS even on the isolated network. Just add your own root zone, and off you go.

--
	Viktor.
Re: check_client_access in smtpd_client_restrictions
On 4/15/14, 3:12 PM, Noel Jones wrote:
> On 4/15/2014 3:02 PM, List wrote:
>> On 4/15/14, 2:50 PM, Noel Jones wrote:
>>> On 4/15/2014 2:27 PM, List wrote:
>>>> I am running postfix 2.6.6 and trying to setup check_client_access
>>>> using a mysql lookup under the smtpd_client_restrictions, which does
>>>> not appear to be rejecting clients when the query returns "REJECT"
>>>> (which has been confirmed to return "REJECT" using postmap -q xxx
>>>> mysql:..). When I change it to look at a hash file with the same
>>>> IP/REJECT entry it works perfectly, so I am wondering is using a
>>>> mysql lookup not supported for check_client_access under
>>>> smtpd_client_restrictions?
>>>
>>> Yes, it's supported. You've not given sufficient information for us
>>> to identify your mistake.
>>>
>>> -- Noel Jones
>>
>> Hopefully this is what you're looking for.
>>
>> postconf -n:
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/libexec/postfix
>> data_directory = /var/lib/postfix
>> debug_peer_level = 2
>> default_destination_recipient_limit = 1000
>> default_process_limit = 1000
>> html_directory = no
>> inet_interfaces = all
>> inet_protocols = all
>> mail_owner = postfix
>> mailbox_size_limit = 52224000
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> message_size_limit = 52224000
>> mydestination = $myhostname, localhost.$mydomain, localhost
>> myhostname = server.domain.tld
>> mynetworks = $config_directory/mynetworks
>> newaliases_path = /usr/bin/newaliases.postfix
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
>> relayhost = relay.domain.tld
>> sample_directory = /usr/share/doc/postfix-2.6.6/samples
>> sendmail_path = /usr/sbin/sendmail.postfix
>> setgid_group = postdrop
>> smtp_data_done_timeout = 900s
>> smtp_data_init_timeout = 900s
>> smtp_data_xfer_timeout = 900s
>> smtp_helo_timeout = 900s
>> smtp_mail_timeout = 900s
>> smtp_tls_note_starttls_offer = yes
>> smtpd_client_event_limit_exceptions = static:all
>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/access_check.cf
>> smtpd_delay_reject = no
>> smtpd_helo_required = yes
>> smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:1, check_client_access mysql:/etc/postfix/authb4smtp.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_security_options = noanonymous
>> smtpd_sasl_type = dovecot
>> smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
>> smtpd_tls_auth_only = no
>> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
>> smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
>> smtpd_tls_loglevel = 1
>> smtpd_tls_received_header = yes
>> smtpd_tls_security_level = may
>> smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
>> smtpd_tls_session_cache_timeout = 3600s
>> tls_random_source = dev:/dev/urandom
>> unknown_local_recipient_reject_code = 550
>>
>> postconf -m
>>
>> btree
>> cidr
>> environ
>> hash
>> ldap
>> mysql
>> nis
>> pcre
>> proxy
>> regexp
>> static
>> unix
>>
>> check_access.cf query:
>>
>> SELECT COALESCE( (SELECT "REJECT" FROM harvesters h WHERE h.ip = '%s' AND h.added BETWEEN DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND NOW() GROUP BY h.ip HAVING COUNT(h.ip) > 1), "DUNNO")
>
> How are you testing this?
>
> -- Noel Jones

postmap -q 'x.x.x.x' mysql:/etc/postfix/access_check.cf
Re: check_client_access in smtpd_client_restrictions
On 4/15/2014 3:25 PM, List wrote:
> On 4/15/14, 3:12 PM, Noel Jones wrote:
>> On 4/15/2014 3:02 PM, List wrote:
>>> On 4/15/14, 2:50 PM, Noel Jones wrote:
>>>> On 4/15/2014 2:27 PM, List wrote:
>>>>> I am running postfix 2.6.6 and trying to setup check_client_access
>>>>> using a mysql lookup under the smtpd_client_restrictions, which does
>>>>> not appear to be rejecting clients when the query returns "REJECT"
>>>>> (which has been confirmed to return "REJECT" using postmap -q xxx
>>>>> mysql:..). When I change it to look at a hash file with the same
>>>>> IP/REJECT entry it works perfectly, so I am wondering is using a
>>>>> mysql lookup not supported for check_client_access under
>>>>> smtpd_client_restrictions?
>>>>>
>>>> Yes, it's supported. You've not given sufficient information for us
>>>> to identify your mistake.
>>>>
>>>> -- Noel Jones
>>>>
>>> Hopefully this is what you're looking for.
>>>
>>> postconf -n:
>>>
>>> alias_database = hash:/etc/aliases
>>> alias_maps = hash:/etc/aliases
>>> broken_sasl_auth_clients = yes
>>> command_directory = /usr/sbin
>>> config_directory = /etc/postfix
>>> daemon_directory = /usr/libexec/postfix
>>> data_directory = /var/lib/postfix
>>> debug_peer_level = 2
>>> default_destination_recipient_limit = 1000
>>> default_process_limit = 1000
>>> html_directory = no
>>> inet_interfaces = all
>>> inet_protocols = all
>>> mail_owner = postfix
>>> mailbox_size_limit = 52224000
>>> mailq_path = /usr/bin/mailq.postfix
>>> manpage_directory = /usr/share/man
>>> message_size_limit = 52224000
>>> mydestination = $myhostname, localhost.$mydomain, localhost
>>> myhostname = server.domain.tld
>>> mynetworks = $config_directory/mynetworks
>>> newaliases_path = /usr/bin/newaliases.postfix
>>> queue_directory = /var/spool/postfix
>>> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
>>> relayhost = relay.domain.tld
>>> sample_directory = /usr/share/doc/postfix-2.6.6/samples
>>> sendmail_path = /usr/sbin/sendmail.postfix
>>> setgid_group = postdrop
>>> smtp_data_done_timeout = 900s
>>> smtp_data_init_timeout = 900s
>>> smtp_data_xfer_timeout = 900s
>>> smtp_helo_timeout = 900s
>>> smtp_mail_timeout = 900s
>>> smtp_tls_note_starttls_offer = yes
>>> smtpd_client_event_limit_exceptions = static:all
>>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/access_check.cf
>>> smtpd_delay_reject = no
>>> smtpd_helo_required = yes
>>> smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:1, check_client_access mysql:/etc/postfix/authb4smtp.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_path = private/auth
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_sasl_type = dovecot
>>> smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
>>> smtpd_tls_auth_only = no
>>> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
>>> smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
>>> smtpd_tls_loglevel = 1
>>> smtpd_tls_received_header = yes
>>> smtpd_tls_security_level = may
>>> smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
>>> smtpd_tls_session_cache_timeout = 3600s
>>> tls_random_source = dev:/dev/urandom
>>> unknown_local_recipient_reject_code = 550
>>>
>>> postconf -m
>>>
>>> btree
>>> cidr
>>> environ
>>> hash
>>> ldap
>>> mysql
>>> nis
>>> pcre
>>> proxy
>>> regexp
>>> static
>>> unix
>>>
>>> check_access.cf query:
>>>
>>> SELECT COALESCE( (SELECT "REJECT" FROM harvesters h WHERE h.ip = '%s' AND h.added BETWEEN DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND NOW() GROUP BY h.ip HAVING COUNT(h.ip) > 1), "DUNNO")
>>>
>>
>> How are you testing this?
>>
>> -- Noel Jones
>>
>
> postmap -q 'x.x.x.x' mysql:/etc/postfix/access_check.cf
>

Hostname lookups are done before IP lookups. If the hostname lookup returns "DUNNO", the lookup stops and postfix moves on to the next restriction. The name lookup must return nothing.

-- Noel Jones
Re: check_client_access in smtpd_client_restrictions
On 4/15/14, 3:33 PM, Noel Jones wrote:
> On 4/15/2014 3:25 PM, List wrote:
>> On 4/15/14, 3:12 PM, Noel Jones wrote:
>>> On 4/15/2014 3:02 PM, List wrote:
>>>> On 4/15/14, 2:50 PM, Noel Jones wrote:
>>>>> On 4/15/2014 2:27 PM, List wrote:
>>>>>> I am running postfix 2.6.6 and trying to setup check_client_access
>>>>>> using a mysql lookup under the smtpd_client_restrictions, which does
>>>>>> not appear to be rejecting clients when the query returns "REJECT"
>>>>>> (which has been confirmed to return "REJECT" using postmap -q xxx
>>>>>> mysql:..). When I change it to look at a hash file with the same
>>>>>> IP/REJECT entry it works perfectly, so I am wondering is using a
>>>>>> mysql lookup not supported for check_client_access under
>>>>>> smtpd_client_restrictions?
>>>>>
>>>>> Yes, it's supported. You've not given sufficient information for us
>>>>> to identify your mistake.
>>>>>
>>>>> -- Noel Jones
>>>>
>>>> Hopefully this is what you're looking for.
>>>>
>>>> postconf -n:
>>>>
>>>> alias_database = hash:/etc/aliases
>>>> alias_maps = hash:/etc/aliases
>>>> broken_sasl_auth_clients = yes
>>>> command_directory = /usr/sbin
>>>> config_directory = /etc/postfix
>>>> daemon_directory = /usr/libexec/postfix
>>>> data_directory = /var/lib/postfix
>>>> debug_peer_level = 2
>>>> default_destination_recipient_limit = 1000
>>>> default_process_limit = 1000
>>>> html_directory = no
>>>> inet_interfaces = all
>>>> inet_protocols = all
>>>> mail_owner = postfix
>>>> mailbox_size_limit = 52224000
>>>> mailq_path = /usr/bin/mailq.postfix
>>>> manpage_directory = /usr/share/man
>>>> message_size_limit = 52224000
>>>> mydestination = $myhostname, localhost.$mydomain, localhost
>>>> myhostname = server.domain.tld
>>>> mynetworks = $config_directory/mynetworks
>>>> newaliases_path = /usr/bin/newaliases.postfix
>>>> queue_directory = /var/spool/postfix
>>>> readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
>>>> relayhost = relay.domain.tld
>>>> sample_directory = /usr/share/doc/postfix-2.6.6/samples
>>>> sendmail_path = /usr/sbin/sendmail.postfix
>>>> setgid_group = postdrop
>>>> smtp_data_done_timeout = 900s
>>>> smtp_data_init_timeout = 900s
>>>> smtp_data_xfer_timeout = 900s
>>>> smtp_helo_timeout = 900s
>>>> smtp_mail_timeout = 900s
>>>> smtp_tls_note_starttls_offer = yes
>>>> smtpd_client_event_limit_exceptions = static:all
>>>> smtpd_client_restrictions = check_client_access mysql:/etc/postfix/access_check.cf
>>>> smtpd_delay_reject = no
>>>> smtpd_helo_required = yes
>>>> smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:1, check_client_access mysql:/etc/postfix/authb4smtp.cf, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
>>>> smtpd_sasl_auth_enable = yes
>>>> smtpd_sasl_path = private/auth
>>>> smtpd_sasl_security_options = noanonymous
>>>> smtpd_sasl_type = dovecot
>>>> smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit
>>>> smtpd_tls_auth_only = no
>>>> smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.crt
>>>> smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
>>>> smtpd_tls_loglevel = 1
>>>> smtpd_tls_received_header = yes
>>>> smtpd_tls_security_level = may
>>>> smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
>>>> smtpd_tls_session_cache_timeout = 3600s
>>>> tls_random_source = dev:/dev/urandom
>>>> unknown_local_recipient_reject_code = 550
>>>>
>>>> postconf -m
>>>>
>>>> btree
>>>> cidr
>>>> environ
>>>> hash
>>>> ldap
>>>> mysql
>>>> nis
>>>> pcre
>>>> proxy
>>>> regexp
>>>> static
>>>> unix
>>>>
>>>> check_access.cf query:
>>>>
>>>> SELECT COALESCE( (SELECT "REJECT" FROM harvesters h WHERE h.ip = '%s' AND h.added BETWEEN DATE_SUB(NOW(), INTERVAL 30 MINUTE) AND NOW() GROUP BY h.ip HAVING COUNT(h.ip) > 1), "DUNNO")
>>>
>>> How are you testing this?
>>>
>>> -- Noel Jones
>>
>> postmap -q 'x.x.x.x' mysql:/etc/postfix/access_check.cf
>
> Hostname lookups are done before IP lookups. If the hostname lookup
> returns "DUNNO", the lookup stops and postfix moves on to the next
> restriction. The name lookup must return nothing.
>
> -- Noel Jones

Ah, I was misunderstanding the access documentation. I removed the COALESCE entirely and just let it return a null value to satisfy the hostname lookup and it's working as expected now.
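The lookup-order problem resolved in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified model of the keys check_client_access tries (client hostname, parent domains, then the IP address and its shorter prefixes), run against one map that answers "DUNNO" for every miss and one that answers nothing. The hostname, the address and the set standing in for the harvesters table are constructed.

```python
def client_lookup_keys(hostname, address):
    """Keys in the order a client access lookup tries them (simplified model)."""
    labels = hostname.split(".")
    keys = [".".join(labels[i:]) for i in range(len(labels))]            # name, parents
    octets = address.split(".")
    keys += [".".join(octets[:n]) for n in range(len(octets), 0, -1)]    # IP, networks
    return keys


# Constructed stand-in for "IPs seen more than once in the last 30 minutes".
RECENT_HARVESTERS = {"192.0.2.10"}


def query_with_coalesce(key):
    """Models the original query: COALESCE(..., "DUNNO") answers every key."""
    return "REJECT" if key in RECENT_HARVESTERS else "DUNNO"


def query_without_coalesce(key):
    """Models the fixed query: no row (None) unless the key is listed."""
    return "REJECT" if key in RECENT_HARVESTERS else None


def check_client_access(query, hostname, address):
    """Return (action, keys_tried); the first non-empty answer ends the search."""
    tried = []
    for key in client_lookup_keys(hostname, address):
        tried.append(key)
        action = query(key)
        if action is not None:
            return action, tried
    return None, tried


if __name__ == "__main__":
    client = ("mail.example.net", "192.0.2.10")
    for query in (query_with_coalesce, query_without_coalesce):
        action, tried = check_client_access(query, *client)
        print(query.__name__, "->", action, "after", tried)
```

Testing with postmap -q and the IP address alone exercises only one of these keys, which is why the original map looked correct from the command line while the SMTP server never reached the address lookup.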
Preserve alias in header
I’m running Postfix version 2.10.2 using dovecot, mysql, and postfixadmin. The single server receives email for main.com, client.com and client.main.com.

main.com has only one mailbox, m...@main.com. All mail for client.main.com is aliased to m...@main.com and then parsed by a ruby script to determine the mailbox and the subdomain (client in my example above, but there could be many different “clients”). Usually the mailbox is a number that refers to a customer number. So, we receive email for 1...@client.main.com, it is delivered to m...@main.com and my script identifies customer 1234 for business client, processing the email accordingly.

Client.com has several employees, and the server receives the email for all the employees at client with normal jsm...@client.com addresses. This all works great.

I want to set up an alias for resu...@client.com which will forward the mail to 9...@client.main.com. Any mail received will be forwarded to m...@main.com. Again, all works fine.

The problem is that when my script pulls the email from m...@main.com’s mailbox, the alias 9...@client.main.com is not preserved in the header, and I lose the ability to process the email by my script.

Is there some way to preserve the full history of aliasing that the email passes through?
Re: Preserve alias in header
Warren H. Prince:
> Is there some way to preserve the full history of aliasing that
> the email passes through?

Nope. The final Postfix delivery agent adds X-Original-To: and Delivered-To: with the initial and final address. There is no record of intermediate steps.

	Wietse