Local vs. relayed mail

2009-11-11 Thread Todd A. Jacobs
I'm currrently using Postfix on a pair of machines, one of which is a smarthost for the other. If I do something like this on the internal machine: mail -s Test nospam < /dev/null the mail is delivered locally, rather than through the smarthost. If I manually append the domain, though: m

Re: Proper location of permit_mynetworks for mailman

2009-01-27 Thread Todd A. Jacobs
On Mon, Jan 26, 2009 at 10:15:44PM +0100, mouss wrote: > This is useless. at this stage, the domain is yours (other domains have > been rejected by the anti-relay control: reject_unauth_destination). Nevertheless, if I don't put permit_mynetworks in both smtpd_client_restrictions and smtpd_recipi

Proper location of permit_mynetworks for mailman

2009-01-26 Thread Todd A. Jacobs
I'm running a mailman server, and was receiving a lot of errors like the following: Jan 26 07:36:39 host postfix/smtpd[13212]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo= I figured the problem was that I didn't h

Re: Blocking certain outbound domains?

2009-01-26 Thread Todd A. Jacobs
On Wed, Jan 21, 2009 at 09:19:07PM -0600, Noel Jones wrote: > This mail was submitted via the sendmail command, not via SMTP. > Postfix smtpd_*_restrictions operate only on mail submitted via SMTP. > The table will never be referenced. Hmmm. This should have been obvious in retrospect. Thanks for

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
On Wed, Jan 21, 2009 at 03:14:09PM -0800, Todd A. Jacobs wrote: > debug_peer_list = 127.0.0.1 This setting doesn't do what I was hoping for. What I really wanted out of the debugging output was a way to see what rules postfix is matching on for permit/deny, sort of the way procmail d

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
For those who've asked, here's the updated output of 'postconf -n' after trying all the various suggestions I've gotten on-list and off: alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases append_dot_mydomain = no biff = no boun

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
On Wed, Jan 21, 2009 at 10:08:52PM +, Duane Hill wrote: > Are you sure 'secureserver.net' and/or 'smtp.secureserver.net' are MX > records for the RCPT TO domain of the message you think should be > getting rejected? Well, DNS says: $ host -t mx secureserver.net secureserver.net mail

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
On Wed, Jan 21, 2009 at 01:49:02PM -0800, Todd A. Jacobs wrote: > If it's the first check, shouldn't all mail destined to the > secureserver.net MX be bounced? Why is it still going through? I'm curious to know whether setting relayhost is what is over-riding this behavio

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
On Wed, Jan 21, 2009 at 11:07:53PM +0100, mouss wrote: > put permit_mynetworks reject_unauth_destination here please. Why would I put them at the top, when I specifically want /etc/postfix/mx_access to take precedence? I thought ordering was important. -- "Oh, look: rocks!" -- Doctor Wh

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
On Wed, Jan 21, 2009 at 04:26:27PM -0500, Jorey Bump wrote: > Logically, it doesn't make sense to perform recipient checks before > you know the recipient. Okay, I'll buy that. But this still doesn't work: smtpd_delay_reject = yes smtpd_recipient_restrictions = check_recipie

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
Based on the feedback that I've gotten, I've made the following changes: smtpd_client_restrictions = check_recipient_mx_access hash:/etc/postfix/mx_access check_recipient_access hash:/etc/postfix/recipient_access check_client_access hash:/etc/postfix/domain

Re: Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
On Wed, Jan 21, 2009 at 10:54:49AM -0800, Todd A. Jacobs wrote: > I'm using postfix as a smarthost to forward mail through my upstream > ISP. Is there any way to have postfix resolve the MX record of the > destination domain and block outgoing mail on that basis? So far, this is

Blocking certain outbound domains?

2009-01-21 Thread Todd A. Jacobs
After about three months of trying to get secureserver.net to fix their highly-broken systems, I'd like to block all emails destined to all virtual domains hosted by them. However, I'm not quite sure how to do this with my setup. I'm using postfix as a smarthost to forward mail through my upstream