Re: build failure with gcc-10

2020-01-21 Thread Eray Aslan
On Mon, Jan 20, 2020 at 06:57:34PM +0300, Eray Aslan wrote:
> On Mon, Jan 20, 2020 at 10:38:09AM -0500, Wietse Venema wrote:
> > Eray Aslan:
> > > gcc-10 flipped a default from -fcommon to -fno-common[1] resulting in
> > > the following errors while building postfix-3.5-20200112.  Simple
> > > reproducer on an older gcc is to add -fno-common to CFLAGS.
> > 
> > Try this.
> 
> Works.  Thank you

Spoke too soon.  Had to apply the following patch on top of
postfix-3.5-20200112

Eray

--- a/src/global/mail_params.h  2020-01-21 10:52:36.025753878 +0300
+++ b/src/global/mail_params.h  2020-01-21 10:53:11.173763126 +0300
@@ -3983,23 +3983,23 @@
 
 #define VAR_TLSP_CLNT_USE_TLS  "tlsproxy_client_use_tls"
 #define DEF_TLSP_CLNT_USE_TLS  "$" VAR_SMTP_USE_TLS
-boolvar_tlsp_clnt_use_tls;
+extern boolvar_tlsp_clnt_use_tls;
 
 #define VAR_TLSP_CLNT_ENFORCE_TLS  "tlsproxy_client_enforce_tls"
 #define DEF_TLSP_CLNT_ENFORCE_TLS  "$" VAR_SMTP_ENFORCE_TLS
-boolvar_tlsp_clnt_enforce_tls;
+extern boolvar_tlsp_clnt_enforce_tls;
 
 #define VAR_TLSP_CLNT_LEVEL"tlsproxy_client_level"
 #define DEF_TLSP_CLNT_LEVEL"$" VAR_SMTP_TLS_LEVEL
-char   *var_tlsp_clnt_level;
+extern char   *var_tlsp_clnt_level;
 
 #define VAR_TLSP_CLNT_PER_SITE "tlsproxy_client_per_site"
 #define DEF_TLSP_CLNT_PER_SITE "$" VAR_SMTP_TLS_PER_SITE
-char   *var_tlsp_clnt_per_site;
+extern char   *var_tlsp_clnt_per_site;
 
 #define VAR_TLSP_CLNT_POLICY   "tlsproxy_client_policy"
 #define DEF_TLSP_CLNT_POLICY   "$" VAR_SMTP_TLS_POLICY
-char   *var_tlsp_clnt_policy;
+extern char   *var_tlsp_clnt_policy;
 
  /*
   * SMTPD "reject" contact info.
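Review bot: the five var_tlsp_clnt_* lines in this hunk become declarations only, so each variable now needs exactly one definition in a source file, and this patch touches only headers. Please confirm that a definition exists for each one (otherwise the -fno-common link fails with undefined references instead of duplicate symbols) and that the defining file includes mail_params.h, so the compiler checks that the types agree. As displayed, the bool lines have also lost the whitespace between the type and the name (`extern boolvar_tlsp_clnt_use_tls;`), which suggests the mailer mangled the tabs; resending the patch as an attachment would avoid that.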
--- a/src/smtpd/smtpd_expand.h  2014-12-07 03:35:34.0 +0200
+++ b/src/smtpd/smtpd_expand.h  2020-01-21 11:30:10.270425259 +0300
@@ -18,7 +18,7 @@
  /*
   * External interface.
   */
-VSTRING *smtpd_expand_filter;
+extern VSTRING *smtpd_expand_filter;
 voidsmtpd_expand_init(void);
 const char *smtpd_expand_lookup(const char *, int, void *);
 int smtpd_expand(SMTPD_STATE *, VSTRING *, const char *, int);
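Review bot: smtpd_expand_filter is declared under "External interface" with no comment saying what it holds or which source file owns it. Now that this header line is only a declaration, a one-line comment naming the file that defines the variable would make the single-definition requirement easy to check from here.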
--- a/src/trivial-rewrite/trivial-rewrite.h 2014-10-06 18:02:16.0 
+0300
+++ b/src/trivial-rewrite/trivial-rewrite.h 2020-01-21 11:29:36.411409526 
+0300
@@ -23,7 +23,7 @@
  /*
   * Connection management.
   */
-int server_flags;
+extern int server_flags;
 
  /*
   * rewrite.c
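Review bot: the `---` and `+++` file header lines for trivial-rewrite.h above this hunk have been wrapped by the mailer, so `+0300` sits on a line of its own and reads as an added line, which may stop this part of the patch from applying. The change to server_flags itself is a single line; resending the patch unwrapped (or as an attachment) would let it apply as intended.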
--- a/src/postconf/postconf.h   2018-02-19 04:43:29.0 +0300
+++ b/src/postconf/postconf.h   2020-01-21 11:29:07.851401023 +0300
@@ -152,7 +152,7 @@
   * Lookup table for master.cf entries. The table is terminated with an entry
   * that has a null argv member.
   */
-PCF_MASTER_ENT *pcf_master_table;
+extern PCF_MASTER_ENT *pcf_master_table;
 
  /*
   * Line-wrapping support.

-- 
Eray


Re: Allow relay from certain IPs AND allow only certain senders

2020-01-21 Thread ego...@gmail.com
Thanks Viktor, I solved the problem with your advice.

On Mon, 20 Jan 2020 at 11:31, Vu Ngoc VU wrote:

> > Date: Mon, 20 Jan 2020 11:00:11
> > From: Viktor Dukhovni 
> > Reply-To: postfix-users@postfix.org
> > To: postfix-users@postfix.org
> > Subject: Re: Allow relay from certain IPs AND allow only certain senders
>
> > # Also, no relaying by unauthorized senders
> > smtp_sender_restrictions =
> > check_sender_access hash:/etc/postfix/allowed_senders,
> > reject_unauth_destination
>
> Hello, should it be smtpd_sender_restrictions?
>


What does check_sender_access checks?

2020-01-21 Thread rdquiterio
Hi;

I made a filter to let postfix relay messages from specific senders. I
tested the filter via telnet (mail from: rcpt to: data …) on the postfix
server and it was doing ok.

But, after deployment, the filter is failing and I suppose that it may be
due to the Return-Path field on the "real" message.

Any clue? Thank you.

This is on my main.cf:

smtpd_relay_restrictions =
   reject_unauth_pipelining,
   reject_non_fqdn_recipient,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   check_sender_access hash:/etc/postfix/senders,
   check_recipient_access hash:/etc/postfix/users_internet_mail,
   reject


And this is on the "real" message:

.
.
.

From: 
To: 
.
.
.

Return-Path:
f9895e47.ANEAAF6zi2UAAKnhCGkAASpLLm4AAA0fMwBeHFnT@another.domain






--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html


Re: What does check_sender_access checks?

2020-01-21 Thread Dominic Raferd
On Tue, 21 Jan 2020 at 12:54, rdquiterio  wrote:

> Hi;
>
> I made a filter to let postfix relay messages from specific senders. I
> tested the filter via telnet (mail from: rcpt to: data …) on the postfix
> server and it was doing ok.
>
> But, after deployment, the filter is failing and I suppose that it may be
> due to the Return-Path field on the "real" message.
>
> Any clue? Thank you.
>
> This is on my main.cf:
>
> smtpd_relay_restrictions =
>    reject_unauth_pipelining,
>    reject_non_fqdn_recipient,
>    reject_invalid_hostname,
>    reject_non_fqdn_hostname,
>    reject_non_fqdn_sender,
>    reject_unknown_sender_domain,
>    reject_unknown_recipient_domain,
>    check_sender_access hash:/etc/postfix/senders,
>    check_recipient_access hash:/etc/postfix/users_internet_mail,
>    reject
>
>
> And this is on the "real" message:
>
> .
> .
> .
>
> From: 
> To: 
> .
> .
> .
>
> Return-Path:
>
> f9895e47.ANEAAF6zi2UAAKnhCGkAASpLLm4AAA0fMwBeHFnT@another.domain
>

check_sender_access checks against the envelope sender (i.e. the
return-path), not the 'From:' header. If you want to check the 'From:'
header, use header_checks.
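
As an added illustration (not part of any poster's message, and not Postfix code), the Python sketch below models the point made in the reply above: a sender-keyed access lookup sees the MAIL FROM address, not the "From:" header. The SMTP session, the table contents and all function names are constructed for the example, and the lookup order is a simplified model of access(5).

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed SMTP dialogue: a bulk sender that uses a per-message bounce
# address in MAIL FROM and a stable address in the "From:" header.
SESSION = """\
EHLO mta.another.example
MAIL FROM:<bounce-7c1e@another.example>
RCPT TO:<user@example.com>
DATA
From: Newsletter <news@sender.example>
To: user@example.com
Subject: January issue

Hello.
.
"""

# Constructed access table in the style of hash:/etc/postfix/senders.
ACCESS = {"news@sender.example": "OK"}


def split_session(session):
    """Return (envelope_sender, header_from) from an SMTP dialogue."""
    commands, _, data = session.partition("\nDATA\n")
    m = re.search(r"^MAIL FROM:<([^>]*)>", commands, re.I | re.M)
    envelope = m.group(1).lower() if m else ""
    header_from = parseaddr(message_from_string(data)["From"])[1].lower()
    return envelope, header_from


def sender_access(table, address):
    """Simplified access(5) lookup order: user@domain, domain, user@."""
    local, _, domain = address.rpartition("@")
    for key in (address, domain, local + "@"):
        if key in table:
            return table[key]
    return "DUNNO"  # no match: the next restriction in the list decides


def relay_decision(session, table):
    """Look up both addresses; only the envelope result is what the
    sender-keyed restriction actually sees."""
    envelope, header_from = split_session(session)
    return {"envelope": sender_access(table, envelope),
            "header": sender_access(table, header_from)}
```

With the constructed session, the envelope lookup returns DUNNO while the header address would have matched, which is the telnet-versus-production difference described in the question: a hand-typed MAIL FROM can equal the listed address, a bulk sender's bounce address does not.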


Re: Port 25 closed on bulk sending servers

2020-01-21 Thread Sam Tuke
Thank you all for your insightful replies.

Sam.

On 15/01/2020 15:24, Bill Cole wrote:
> On 15 Jan 2020, at 7:56, Sam Tuke wrote:
>
>> I noticed that newsletters which I receive from large firms are typically 
>> sent from servers which have port 25 closed.
>>
>> Is it common practice to close port 25 on bulk sending servers?
>
> Yes, and not only for bulk sending servers.
>
>> Should we do this for Postfix servers which serve the same role? What's the 
>> advantage?
>
> It is quite common for inbound and outbound email to be handled by separate 
> systems. In environments using internal mail servers that aren't good at spam 
> exclusion and/or have a general pattern of chronic insecurity (e.g. Exchange) 
> it is not uncommon to have them sending outbound mail from behind a very 
> strict firewall and/or NAT with no listeners exposed to the world and to 
> receive via a more robust platform for dealing with mail from the Internet.
>
>> Maybe the MTAs that such senders use are so customised as to be capable of 
>> only sending, not receiving, mail?
>
> There's some of that for very large senders, but in the modern age of almost 
> everything being virtual, it is also just simpler to disperse essentially 
> independent functions onto independent systems, with each specifically 
> configured and scaled to their role. In DNS this has meant splitting 
> authoritative servers and resolvers. In email this has meant a more diverse 
> split, with public MXs, initial mail submission handlers, outbound queue 
> handlers, mailstore management & access, and internal distribution 
> potentially being autonomous systems. This can simplify the configuration of 
> each system and make securing them less challenging.
>



Re: What does check_sender_access checks?

2020-01-21 Thread rdquiterio
Ok.

In this case the Return-Path is kinda random, so there's no use to it.

On the other hand, looking at the header_checks examples I cannot see how
I could allow all mail from a specific "Mail From:" to be relayed?

Is it possible?

Thank you.





Re: What does check_sender_access checks?

2020-01-21 Thread Matus UHLAR - fantomas

On 21.01.20 07:08, rdquiterio wrote:
> In this case the Return-Path is kinda random, so there's no use to it.

Return-Path is the header which the MDA uses to store the original envelope
from, but it is usually not a real header.

> On the other hand, looking at the header_checks examples I cannot see how
> I could allow all mail from a specific "Mail From:" to be relayed?
>
> Is it possible?

No.  The "mail from:" is not a header, but an envelope from address, so you
must use check_sender_access instead.

However, you should not allow relaying based on envelope from address.
Maybe on SMTP authentication or source IP address.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]


Re: What does check_sender_access checks?

2020-01-21 Thread rdquiterio
Ok.

Thank you very much, Dominic.





Forward/Filter email by sender

2020-01-21 Thread Matteo Cazzador
Hi, I have a question: I need to forward all email received with a
specified sender (external domain) to a local domain address (suppose
the local postfix domain is "example.com").

For example:

all email with sender x...@gmail.com needs to be forwarded to
i...@example.com.

Is it possible to do this, please?

Thanks a lot.


**
Ing. Matteo Cazzador
NetLite snc di Cazzador Gagliardi
Corso Vittorio Emanuele II, 188 37069
Villafranca di Verona VR
Tel 0454856656
Fax 0454856655
Email: mat...@netlite.it
Web: http://www.netlite.it
**



Re: Forward/Filter email by sender

2020-01-21 Thread Wietse Venema
Matteo Cazzador:
> Hi, i 've a question, i need to forward all email received with a 
> specified sender (external domain) to local domain address (suppose 
> local postfix domain is "example.com").
> 
> For examples:
> 
> all email with sender x...@gmail.com need to be forwarded to a 
> i...@example.com.
> 
> Is It possible to do it please?

Configuration:

/etc/postfix/main.cf:
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/virtual:
    x...@gmail.com i...@example.com

Commands:

    # postmap hash:/etc/postfix/virtual
    # postfix reload

Alternative:

/etc/postfix/main.cf:
    virtual_alias_maps = inline:{x...@gmail.com=i...@example.com}

    # postfix reload

Requires Postfix 3.0 or later.

Wietse


Re: Forward/Filter email by sender

2020-01-21 Thread Viktor Dukhovni
On Tue, Jan 21, 2020 at 01:02:11PM -0500, Wietse Venema wrote:

> > Hi, i 've a question, i need to forward all email received with a 
> > specified sender (external domain) to local domain address (suppose 
> > local postfix domain is "example.com").

Note, the OP said "sender" (address).

> > all email with sender x...@gmail.com need to be forwarded to a 
> > i...@example.com.
> > 
> > Is It possible to do it please?
> 
> Configuration:
> 
> /etc/postfix/main.cf:
> virtual_alias_maps = hash:/etc/postfix/virtual
> 
> /etc/postfix/virtual:
> x...@gmail.com i...@example.com

This rewrites a recipient.  Bcc'ing based on sender can be done with
"sender_bcc_maps".  Redirecting all mail from a sender can be done with
a "REDIRECT" action in an access(5) table used with
"check_sender_access".

-- 
Viktor.


Re: Forward/Filter email by sender

2020-01-21 Thread Wietse Venema
Viktor Dukhovni:
> On Tue, Jan 21, 2020 at 01:02:11PM -0500, Wietse Venema wrote:
> 
> > > Hi, i 've a question, i need to forward all email received with a 
> > > specified sender (external domain) to local domain address (suppose 
> > > local postfix domain is "example.com").
> 
> Note, the OP said "sender" (address).

Aargh.

> This rewrites a recipient.  Bcc'ing based on sender can be done with
> "sender_bcc_maps".  Redirecting all mail from a sender can be done with
> a "REDIRECT" action in an access(5) table used with
> "check_sender_access".

Agreed, redirect or sender_bcc_maps, depending on the purpose.

Wietse