Re: Disable unauthenticated sending of OUTGOING email for all local users
El 29/12/20 a las 16:30, Wietse Venema escribió: Ignacio Garc?a: Hello there, and thanks so much for your help I've got a web+mail server in the same machine. PHP's mail function is disabled, but other 3rd party functions such as PHPMailer can use sendmail to potentially send emails, as if I was invoking it from a shell echo hello | sendmail m...@email.com Unlike submission with SMTP, Postfix has no destination access controls for email that is submitted with the Postfix sendmail command. However, you can disable Postfix sendmail submission from web applications. There is a documented example: http://www.postfix.org/postconf.5.html#authorized_submit_users Wietse Thanks Wietse. authorized_submit_users along with a script to generate a file did the trick. Cheers, Ignacio
Re: Disable unauthenticated sending of OUTGOING email for all local users
Ignacio Garc?a: > Hi Wietse and thanks for your reply > > > Since I just want to block all users with a web site, and my all web > users are web*1*, web*2 *... web*/n/* Can I use a wildcard such as this > for the (non-)authorized users? Use regexp: or pcre:. http://www.postfix.org/postconf.5.html#authorized_submit_users Specify a list of user names, "/file/name" or "type:table" patterns, separated by commas and/or whitespace. The list is matched left to right, and the search stops on the first match. A "/file/name" pattern is replaced by its contents; a "type:table" lookup table is matched when a name matches a lookup key (the lookup result is ignored). Example: /etc/postfix/main.cf: authorized_submit_users = !pcre:/etc/postfix/authorized-users, ... /etc/postfix/authorized-users: # See postconf.5.html#authorized_submit_users # A "type:table" lookup table is matched when a name matches a # lookup key (the lookup result is ignored). /^web.+/ whatever Wietse
Using header_checks to file mail into junk folder
Hi all, I'm trying to use milter_header_checks to file messages into users Junk folder but I'm having issues formatting the FILTER response in my header check file. I've added the following to my main.cf: 10025 inet n - n - - smtpd -o smtpd_tls_security_level=may -o smtpd_relay_restrictions=permit_mynetworks,reject -o inet_interfaces=loopback-only -o receive_override_options=no_header_body_checks -o local_recipient_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf -o virtual_alias_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf -o inet_interfaces=loopback-only My /etc/postfix/milter_header_checks file: /^X-Spam-Status:\s+Yes$/FILTER localhost:10025 I'm using EFA project as an external mail filter. Whenever spam is encountered EFA adds 'X-Spam-Status: Yes' to the message header before forwarding the message to my mail server for delivery. The idea was to route messages with the 'X-Spam-Status: Yes' header to another instance of Postfix listening on localhost:10025 which overrides the local_recipient_maps and virtual_alias_maps with the users Junk folder. I've read the header_checks man page and I'm still a bit confused as to what the FILTER response in my /etc/postfix/milter_header_checks file is supposed to look like. During testing my messages keep getting stuck in the queue with a 'status=deferred (mail transport unavailable)' error. Thanks, Chris
Re: Using header_checks to file mail into junk folder
Christopher Walker: > Hi all, > > I'm trying to use milter_header_checks to file messages into users > Junk folder but I'm having issues formatting the FILTER response in my > header check file. > > I've added the following to my main.cf: > 10025 inet n - n - - smtpd > -o smtpd_tls_security_level=may > -o smtpd_relay_restrictions=permit_mynetworks,reject > -o inet_interfaces=loopback-only > -o receive_override_options=no_header_body_checks > -o > local_recipient_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf > -o > virtual_alias_maps=hash:/etc/postfix/virtual,ldap:/etc/postfix/virtual_junk.cf > -o inet_interfaces=loopback-only > > My /etc/postfix/milter_header_checks file: > /^X-Spam-Status:\s+Yes$/FILTER localhost:10025 You mean: smtp:localhost:10025. You have to specify a delivery service (name in master.cf) before the destination (localhost:10025). > I'm using EFA project as an external mail filter. Whenever spam is > encountered EFA adds 'X-Spam-Status: Yes' to the message header before Your configuration suggests something different: - The Milter adds 'X-Spam-Status: Yes' - The milter_header_checks sends mail with such a header over SMTP to localhost:10025. Wietse
