[pfx] Re: Access control review

2023-03-29 Thread Viktor Dukhovni via Postfix-users
On Wed, Mar 29, 2023 at 02:17:52PM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > On 28.03.23 12:15, Viktor Dukhovni via Postfix-users wrote: > >You don't need and generally don't want to apply: > > > >reject_unknown_recipient_domain > > > >to inbound traffic on port 25. A brief gl

[pfx] Re: Access control review

2023-03-29 Thread Matus UHLAR - fantomas via Postfix-users
On Tue, Mar 28, 2023 at 08:42:42AM +0200, Mihaly Zachar via Postfix-users wrote: smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_mynetworks permit_sasl_authenticated reject_unauth_destination On 28.03.23 12:15, Viktor Dukhovn

[pfx] Re: Access control review

2023-03-28 Thread Mihaly Zachar via Postfix-users
On Tue, 28 Mar 2023 at 18:15, Viktor Dukhovni via Postfix-users < postfix-users@postfix.org> wrote: > On Tue, Mar 28, 2023 at 08:42:42AM +0200, Mihaly Zachar via Postfix-users > wrote: > > > smtpd_recipient_restrictions = > > reject_non_fqdn_recipient > > reject_unknown_recipient_domain >

[pfx] Re: Access control review

2023-03-28 Thread Viktor Dukhovni via Postfix-users
On Tue, Mar 28, 2023 at 08:42:42AM +0200, Mihaly Zachar via Postfix-users wrote: > smtpd_recipient_restrictions = > reject_non_fqdn_recipient > reject_unknown_recipient_domain > permit_mynetworks > permit_sasl_authenticated > reject_unauth_destination You don't need and genera

Re: access list ordering

2022-04-09 Thread Alex
Hi, > > Following up with my other email, I think I can ask the question more > > directly. > > Off hand, I did not see any questions in your post. Yes, I think I was just generally confused :-) > > I found it was necessary to have an entry in a check_recipient_access > > map with the old addre

Re: access list ordering

2022-04-09 Thread Viktor Dukhovni
On Sat, Apr 09, 2022 at 05:58:33PM -0400, Alex wrote: > Following up with my other email, I think I can ask the question more > directly. Off hand, I did not see any questions in your post. > I found it was necessary to have an entry in a check_recipient_access > map with the old address as wel

Re: Access table info and warn actions

2021-11-13 Thread Wietse Venema
Togan Muftuoglu: > So both INFO and WARN log the relevant information but what do they do > differently ? They log a "info" or "warning" prefix string, and use a different numerical severity: LOG_INFO informational message LOG_WARNING warning conditions (for other levels s

Re: How to get mailing list archives or re-access previously sent messages?

2019-04-18 Thread Bill Cole
On 19 Apr 2019, at 0:36, ecsd wrote: As usual my futzing with the mail system provoked an issue whereby the system discarded the last however many emails from the postfix list. Where can I go search for them, or can I request a resend-sent-since-datetime? Most of today was trashed. There's a

How to get mailing list archives or re-access previously sent messages?

2019-04-18 Thread ecsd
As usual my futzing with the mail system provoked an issue whereby the system discarded the last however many emails from the postfix list. Where can I go search for them, or can I request a resend-sent-since-datetime? Most of today was trashed.

Re: Access denied when trying to send from localhost

2017-12-01 Thread Benny Pedersen
Matus UHLAR - fantomas wrote on 2017-12-01 20:40: On 1/12/2017 1:58 AM, Benny Pedersen wrote: or add permit_mynetworks instead of check_client_access On 01.12.17 09:25, Nikolaos Milas wrote: I don't want to permit_mynetworks, because I want to force clients to sasl-authenticate (with the exc

Re: Access denied when trying to send from localhost

2017-12-01 Thread Matus UHLAR - fantomas
On 1/12/2017 1:58 AM, Benny Pedersen wrote: or add permit_mynetworks instead of check_client_access On 01.12.17 09:25, Nikolaos Milas wrote: I don't want to permit_mynetworks, because I want to force clients to sasl-authenticate (with the exception of localhost). don't include those clients

Re: Access denied when trying to send from localhost

2017-11-30 Thread Nikolaos Milas
On 1/12/2017 4:09 AM, Rodrigo Cunha wrote: Change This: mynetworks = 195.251.204.0/24 , 195.251.202.0/23 , 194.177.194.0/23 , 127.0.0.0/8 , 10.201.0.0/16 , [2001:648:2011::]/4

Re: Access denied when trying to send from localhost

2017-11-30 Thread Nikolaos Milas
On 1/12/2017 1:58 AM, Benny Pedersen wrote: change hash to cidr I have already tried cidr with no luck: smtpd_recipient_restrictions =   check_client_access cidr:/etc/postfix/localhost.cidr   check_recipient_access hash:/etc/postfix/protected_destinations   permit_sasl_authenticated   reject_

Re: Access denied when trying to send from localhost

2017-11-30 Thread Rodrigo Cunha
back up, ok. Change this line, append "127.0.0.1/8" Change This: mynetworks = 195.251.204.0/24, 195.251.202.0/23, 194.177.194.0/23, 127.0.0.0/8, 10.201.0.0/16, [2001:648:2011::]/48, 83.212.5.24/29, [2001:648:2ffc:1115::]/64, 62.217.124.0/29, [2001:648:2ffc:126::]/64 change that for this mynetwor

Re: Access denied when trying to send from localhost

2017-11-30 Thread Viktor Dukhovni
> On Nov 30, 2017, at 6:50 PM, Nikolaos Milas wrote: > > smtpd_recipient_restrictions = > check_client_access hash:/etc/postfix/localhost > check_recipient_access hash:/etc/postfix/protected_destinations > permit_sasl_authenticated > reject_unverified_recipient > reject_unauth_destina

Re: Access denied when trying to send from localhost

2017-11-30 Thread Benny Pedersen
Nikolaos Milas wrote on 2017-12-01 00:50: smtpd_recipient_restrictions =   check_client_access hash:/etc/postfix/localhost What am I doing wrong? change hash to cidr or add permit_mynetworks instead of check_client_access

Re: access table enhanced smtp status code optional text

2017-10-10 Thread Wietse Venema
Mp Mptri: > Hi, > > I use access tables with reject codes and optional status codes and going > to add some optional text. My question is regarding this text: > Are there any restrictions to this in length or special characters? Is > there any rfc document on this? The following come to mind, ref

Re: Access table lookup not as expected

2016-12-23 Thread John Fawcett
ignore the previous message it was sent in the wrong thread, apologies for the noise.

Re: Access table lookup not as expected

2016-12-23 Thread John Fawcett
On 12/23/2016 05:29 PM, John Fawcett wrote: > On 12/23/2016 03:34 PM, Dominic Raferd wrote: >> On 23/12/2016 14:27, John Fawcett wrote: >>> On 12/23/2016 03:13 PM, Dominic Raferd wrote: Obviously I am being thick but can someone explain why this does not work as I would expect. Basically

Re: Access table lookup not as expected

2016-12-23 Thread John Fawcett
On 12/23/2016 03:34 PM, Dominic Raferd wrote: > On 23/12/2016 14:27, John Fawcett wrote: >> On 12/23/2016 03:13 PM, Dominic Raferd wrote: >>> Obviously I am being thick but can someone explain why this does not >>> work as I would expect. Basically email addresses are not matching >>> against domai

Re: Access table lookup not as expected

2016-12-23 Thread Dominic Raferd
On 23/12/2016 14:27, John Fawcett wrote: On 12/23/2016 03:13 PM, Dominic Raferd wrote: Obviously I am being thick but can someone explain why this does not work as I would expect. Basically email addresses are not matching against domain names in a hashed database: $ postconf|grep "^parent_doma

Re: Access table lookup not as expected

2016-12-23 Thread John Fawcett
On 12/23/2016 03:13 PM, Dominic Raferd wrote: > Obviously I am being thick but can someone explain why this does not > work as I would expect. Basically email addresses are not matching > against domain names in a hashed database: > > $ postconf|grep "^parent_domain_matches_subdomains.*smtpd_access

Re: access map fallthrough - prevent lookup of IP address

2016-06-01 Thread Roel van Meer
Roel van Meer writes: I was wondering if it is possible to return something (other than OK) on the first pass, so the second lookup does not happen? So, something like DUNNO, that prevents further lookups in the same map, and immediately continues in the next map. Ok, this is exactly what

Re: Access to Postscreen DNSBL score in SpamAssassin

2015-06-22 Thread Bill Cole
On 21 Jun 2015, at 16:34, Robin McCorkell wrote: it still makes it clunky to have the weighting and blocklist configuration in two places. On the other hand, it can be convenient to have distinct configurations in places where different sets of facts can be known. For example: I use some D

Re: Access to Postscreen DNSBL score in SpamAssassin

2015-06-21 Thread Robin McCorkell
On 21/06/2015 9:31 PM, Wietse Venema wrote: > It's not as wasteful as you might think; the answers are still cached > in the DNS server. The postscreen daemon does not receive mail and > consequently does not modify message content. It can, however, pass > along some data as it hands off a connecti

Re: Access to Postscreen DNSBL score in SpamAssassin

2015-06-21 Thread Wietse Venema
Robin McCorkell: > Hi, > > I'm setting up an MTA, and as part of the spam filtering process I'm > using SpamAssassin via amavisd-new. However, this is running on a small > box, with little CPU, so I also use postscreen to filter most messages > before the expensive heuristics run. > > Currently,

Re: Access from $mynetworks denied

2015-01-16 Thread Noel Jones
On 1/16/2015 3:26 AM, M. Fioretti wrote: > Greetings, > > I have just "inherited" a postfix 2.6.6 server running on a Centos 6 > server, whose postconf -n output is pasted below. > > Everything seems fine to me (but of course any pointer to security > holes, or possibilities for improvement is we

Re: Access from $mynetworks denied

2015-01-16 Thread Wietse Venema
M. Fioretti: > On 2015-01-16 14:18, li...@rhsoft.net wrote: > > > *do not* mask public informations, especially if you fail to mask it > > on all places... > > Indeed I did. As I said in or between the lines I'm not particularly > "present" these days... So yes, that is the ONLY IP address invol

Re: Access from $mynetworks denied

2015-01-16 Thread M. Fioretti
On 2015-01-16 14:18, li...@rhsoft.net wrote: *do not* mask public informations, especially if you fail to mask it on all places... Indeed I did. As I said in or between the lines I'm not particularly "present" these days... So yes, that is the ONLY IP address involved in $mynetworks and in e

Re: Access from $mynetworks denied

2015-01-16 Thread li...@rhsoft.net
On 16.01.2015 at 10:26, M. Fioretti wrote: I have just "inherited" a postfix 2.6.6 server running on a Centos 6 server, whose postconf -n output is pasted below. Everything seems fine to me (but of course any pointer to security holes, or possibilities for improvement is welcome!) except one t

Re: access maps for smtpd_client_event_limit_exceptions

2014-08-08 Thread Will Yardley
On Fri, Jul 25, 2014 at 05:22:58PM -0400, Wietse Venema wrote: > Will Yardley: > > Ah, but in my case, I am using '.domain.tld' vs. 'domain.tld', so I > > guess my original question really was, does .domain.tld match subdomains > > for $mynetworks / $smtpd_client_event_limit_exceptions when specifi

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-25 Thread Wietse Venema
Will Yardley: > Ah, but in my case, I am using '.domain.tld' vs. 'domain.tld', so I > guess my original question really was, does .domain.tld match subdomains > for $mynetworks / $smtpd_client_event_limit_exceptions when specified in > that way? In the case of mynetworks, it depends on the presenc

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-25 Thread Will Yardley
On Fri, Jul 25, 2014 at 10:09:08AM -0400, Wietse Venema wrote: > Will Yardley: > > > Actually, behavior depends on the parent_domain_matches_subdomains > > > setting. > So the present behavior is as if smtpd_client_event_limit_exceptions > is not listed in parent_domain_matches_subdomains. It bor

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-25 Thread Wietse Venema
Will Yardley: > > Actually, behavior depends on the parent_domain_matches_subdomains > > setting. The default setting includes mynetworks, meaning that > > example.com will match host.example.com by default. With mynetworks > > removed from parent_domain_matches_subdomains, .example.com > > w

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-25 Thread Will Yardley
> Actually, behavior depends on the parent_domain_matches_subdomains > setting. The default setting includes mynetworks, meaning that > example.com will match host.example.com by default. With mynetworks > removed from parent_domain_matches_subdomains, .example.com > will match host.example.c

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-25 Thread Wietse Venema
Wietse Venema: > Wietse Venema: > > Will Yardley: > > > On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote: > > > > This isn't an access map, and doesn't have the network notation > > > > searches built into access maps. See the docs on mynetworks for the > > > > syntax supported here: > >

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-25 Thread Wietse Venema
Wietse Venema: > Will Yardley: > > On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote: > > > This isn't an access map, and doesn't have the network notation > > > searches built into access maps. See the docs on mynetworks for the > > > syntax supported here: > > > http://www.postfix.org/po

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-25 Thread Wietse Venema
Will Yardley: > On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote: > > This isn't an access map, and doesn't have the network notation > > searches built into access maps. See the docs on mynetworks for the > > syntax supported here: > > http://www.postfix.org/postconf.5.html#mynetworks >

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-24 Thread Will Yardley
On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote: > This isn't an access map, and doesn't have the network notation > searches built into access maps. See the docs on mynetworks for the > syntax supported here: > http://www.postfix.org/postconf.5.html#mynetworks > > It might be easiest t

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-21 Thread Will Yardley
On Mon, Jul 21, 2014 at 04:42:57PM -0500, Noel Jones wrote: > > It might be easiest to use a flat file, which allows both names and > networks, rather than a hash: or cidr: table. Thanks - I think this is how it was setup at one point, and that explains why. w

Re: access maps for smtpd_client_event_limit_exceptions

2014-07-21 Thread Noel Jones
On 7/21/2014 4:25 PM, Will Yardley wrote: > We have: > smtpd_client_event_limit_exceptions = > 192.168.0.0/16,127.0.0.1,cidr:/etc/postfix/config/white_list,hash:/etc/postfix/config/white_list_internal_servers,hash:/etc/postfix/config/anvil_whitelist > > configured for Anvil. The last file is for

Re: access

2013-12-11 Thread Benny Pedersen
don magnify wrote on 2013-12-11 23:52: i have a machine heavily hit with a bunch of from=<> messages... post postconf -n my guess is that you use smtp auth to your google account and the recipient does not exist, then google bounce since it authed mail sender :) only a wild guess

Re: access

2013-12-11 Thread Regan Yelcich
Re: blocking with iptables try this script it works a treat - see my notes at the bottom of the page for minor fixes: http://blog.exeko.com/2008/06/stop-spam-flood-postfix-iptables/ > On 12/12/2013, at 11:52 am, don magnify wrote: > > > > hi all > > i have a machine heavily hit with a

Re: access

2013-12-11 Thread don magnify
thanks noel... On Wed, Dec 11, 2013 at 6:20 PM, Noel Jones wrote: > On 12/11/2013 4:52 PM, don magnify wrote: > > > > > > hi all > > > > i have a machine heavily hit with a bunch of from=<> messages... > > [Please post in plain text only - the HTML markup makes the logs > difficult to read]

Re: access

2013-12-11 Thread Noel Jones
On 12/11/2013 4:52 PM, don magnify wrote: > > > hi all > > i have a machine heavily hit with a bunch of from=<> messages... [Please post in plain text only - the HTML markup makes the logs difficult to read] For non-delivery notices, the BACKSCATTER_README is helpful. http://www.postfix.o

Re: access

2013-12-11 Thread Viktor Dukhovni
On Wed, Dec 11, 2013 at 05:52:44PM -0500, don magnify wrote: > my /etc/postfix/access looks like: > > .eigbox.net DISCARD > .yourhostingaccount.com DISCARD Perhaps you're a victim of the dreaded p_d_m_s: http://www.postfix.org/postconf.5.html#parent_domain_matche

Re: access

2013-12-11 Thread don magnify
thanks wietse.. i saw that earlier i was just hoping to avoid writing regular expressions... On Wed, Dec 11, 2013 at 6:02 PM, Wietse Venema wrote: > don magnify: > > i have a machine heavily hit with a bunch of from=<> messages... > ... > > my queue is growing very big and can't really figure

Re: access

2013-12-11 Thread Paul C
If its a small number of ip addresses trying to connect you might also want to just block them with iptables too: iptables -I INPUT -s 209.85.216.175 -j DROP iptables -I INPUT -s 209.85.216.176 -j DROP That line for each ip, then restart iptables On Wed, Dec 11, 2013 at 5:52 PM, don magnify w

Re: access

2013-12-11 Thread Wietse Venema
don magnify: > i have a machine heavily hit with a bunch of from=<> messages... ... > my queue is growing very big and can't really figure out how do i drop > this connections and do not reply to them at all... See: http://www.postfix.org/BACKSCATTER_README.html Wietse

Re: access map as smtpd_sender_restrictions value

2013-08-30 Thread Fabio Sangiovanni
Viktor Dukhovni dukhovni.org> writes: > > On Fri, Aug 30, 2013 at 06:52:52PM +0200, Fabio Sangiovanni wrote: > > > I've noticed that the syntax: > > > > smtpd_sender_restrictions = pcre:/etc/postfix/sender_access > > > > is valid, and by all means as effective as: > > > > smtpd_sender_re

Re: access map as smtpd_sender_restrictions value

2013-08-30 Thread Viktor Dukhovni
On Fri, Aug 30, 2013 at 06:52:52PM +0200, Fabio Sangiovanni wrote: > I've noticed that the syntax: > > smtpd_sender_restrictions = pcre:/etc/postfix/sender_access > > is valid, and by all means as effective as: > > smtpd_sender_restrictions = > check_sender_access pcre:/etc/postfix/sender

Re: Access Map

2012-01-20 Thread lst_hoe02
Quoting DN Singh: Hello group, I was configuring some restrictions on the Postfix level using access map. It is in hash format. It has a pretty good number of domains in it. So, I was wondering, how large can be the file, without affecting the performance? These are configured in recipient

Re: Access Policy Server And Sendmail

2011-09-08 Thread Wietse Venema
afshin afzali: > Hi Guys, > > I would like to know that does email send by sendmail check by access policy > server? The Postfix sendmail command does not use a policy server, but it has its own access mechanism by username. /etc/postfix/main.cf: authorized_submit_users = !foo, !bar, static:

Re: Access Policy Server And Sendmail

2011-09-08 Thread Reindl Harald
On 08.09.2011 08:56, afshin afzali wrote: > Hi Guys, > > I would like to know that does email send by sendmail check by access policy > server? no do not allow users terminal access and in the case of a webserver use smtp with authentication on the ethernet-ip and disable listening on 127.0

Re: access(5) "OTHER ACTIONS" question

2011-06-07 Thread Ronald F. Guilmette
In message <3qpvhy2tqszh...@spike.porcupine.org>, Wietse wrote: >> It sounds to me like you are saying that... >> >>:= | >> ( [,])* [] > >No, I wrote: > >One line NOT starting with REJECT or PREPEND etc., containing OTHER >ACTIONS (note plural) than REJECT or PREPEND etc.

Re: access(5) "OTHER ACTIONS" question

2011-06-07 Thread Wietse Venema
> It sounds to me like you are saying that... > >:= | >( [,])* [] No, I wrote: One line NOT starting with REJECT or PREPEND etc., containing OTHER ACTIONS (note plural) than REJECT or PREPEND etc. Therefore: result = special | notspecial+ Learn to read what I write, no

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Victor Duchovni
On Mon, Jun 06, 2011 at 08:08:58PM -0700, Ronald F. Guilmette wrote: > It sounds to me like you are saying that... > >:= | >( [,])* [] No, := | ( [,])* [] := REJECT [text] | OK [text] | 4NN [text]

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Ronald F. Guilmette
In message <3qpbvm2dkczh...@spike.porcupine.org>, Wietse Venema wrote: >> If I have understood you correctly, you have said that for every kind/type >> of ACTION specification listed in access(5) _other_ than REJECT & PREPEND >> it is possible to combine that ACTION specification (and its assso

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Wietse Venema
Ronald F. Guilmette: > > In message <3qp73y409zzh...@spike.porcupine.org>, you wrote: > > >Ronald F. Guilmette: > >> > >> In the access(5) man page, it is either explicitly stated or else > >> easily inferred what XXX response value will be sent back to the > >> SMTP client for each of the possi

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Victor Duchovni
On Mon, Jun 06, 2011 at 03:20:47PM -0700, Ronald F. Guilmette wrote: > |ACCEPT ACTIONS > | OK > | all-numerical > | > |REJECT ACTIONS > | 4NN text > | 5NN text > | REJECT optional text... Yes, but with actions that are a list of restriction primitives, the the result

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Ronald F. Guilmette
In message <20110606215604.gu8...@np305c2n2.ms.com>, Viktor wrote: >On Mon, Jun 06, 2011 at 02:46:46PM -0700, Ronald F. Guilmette wrote: > >> Unfortunately, I'm still not clear on any of this. You said "With actions >> that are equivalent to DUNNO...". This begs the question. Which ones are >>

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Ronald F. Guilmette
In message <3qp73y409zzh...@spike.porcupine.org>, you wrote: >Ronald F. Guilmette: >> >> In the access(5) man page, it is either explicitly stated or else >> easily inferred what XXX response value will be sent back to the >> SMTP client for each of the possible values listed in the ACCEPT >> AC

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Victor Duchovni
On Mon, Jun 06, 2011 at 02:46:46PM -0700, Ronald F. Guilmette wrote: > Unfortunately, I'm still not clear on any of this. You said "With actions > that are equivalent to DUNNO...". This begs the question. Which ones are > those? The *obvious ones*. If an action is clearly a final OK that termi

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Ronald F. Guilmette
In message <20110606203126.go8...@np305c2n2.ms.com>, you wrote: >On Mon, Jun 06, 2011 at 01:16:07PM -0700, Ronald F. Guilmette wrote: > >> >> In the access(5) man page, it is either explicitly stated or else >> easily inferred what XXX response value will be sent back to the >> SMTP client for e

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Wietse Venema
Ronald F. Guilmette: > > In the access(5) man page, it is either explicitly stated or else > easily inferred what XXX response value will be sent back to the > SMTP client for each of the possible values listed in the ACCEPT > ACTIONS and REJECT ACTIONS sections. > > What XXX response values will

Re: access(5) "OTHER ACTIONS" question

2011-06-06 Thread Victor Duchovni
On Mon, Jun 06, 2011 at 01:16:07PM -0700, Ronald F. Guilmette wrote: > > In the access(5) man page, it is either explicitly stated or else > easily inferred what XXX response value will be sent back to the > SMTP client for each of the possible values listed in the ACCEPT > ACTIONS and REJECT ACT

Re: Access based on client cert attributes?

2010-03-26 Thread Victor Duchovni
On Fri, Mar 26, 2010 at 12:52:55PM +0100, Dick Visser wrote: > > Having noticed the many pitfalls of parsing X.509 certs, and written > > careful code to parse them (and avoided Postfix being linked to > > vulnerabilities later found in most certificate parsers), I am reluctant > > to ask Postfix

Re: Access based on client cert attributes?

2010-03-26 Thread Dick Visser
On 23/03/2010 16:41, Victor Duchovni wrote: > Having noticed the many pitfalls of parsing X.509 certs, and written > careful code to parse them (and avoided Postfix being linked to > vulnerabilities later found in most certificate parsers), I am reluctant > to ask Postfix users to write robust X.5

Re: Access based on client cert attributes?

2010-03-23 Thread Victor Duchovni
On Tue, Mar 23, 2010 at 10:10:44AM -0400, Wietse Venema wrote: > > * issuer "TERENA Personal CA" > > * O=TERENA > > * C=NL > > > > I guess what I am looking for is a new restriction called something like > > "check_ccert_attr", that would use user defined attributes to take > > decisions. That wo

Re: Access based on client cert attributes?

2010-03-23 Thread Wietse Venema
Dick Visser: > Hi guys > > At the moment we use SASL authentication to allow our users to > send mail through our mailer (Postfix 2.5). I would like to extend this > to using client certificates for authentication as well. > > Our users have personal certificates that are signed by a the "TERENA

Re: access database and u...@localhost address

2009-12-22 Thread Vladimir Vassiliev
Yes, it's u...@localhost.$mydomain. > > Your access table needs to match what postfix sees. Check the > logs for what postfix sees, probably u...@localhost.$mydomain > > If you need more help, > http://www.postfix.org/DEBUG_README.html#mail > >-- Noel Jones > -- Vladimir Vassiliev

Re: access database and u...@localhost address

2009-12-17 Thread Noel Jones
On 12/17/2009 2:12 AM, Vladimir Vassiliev wrote: I'm trying to restrict receiving mail for some users. Target is to permit mail only from mynetworks. smtpd_recipient_restrictions = ... check_recipient_access hash:/etc/postfix/restricted_recipie

Re: access table problems

2009-11-11 Thread Sahil Tandon
On Tue, 10 Nov 2009, Stan Hoeppner wrote: > When I run these through postmap -q I get a "REJECT" return. When I > add a fourth octet to the postmap -q input, I get nothing. I've been > beating me head on the desk whilst re-reading man 5 access, and I can't > figure out why real addresses matc

Re: access table problems

2009-11-10 Thread Olivier Nicole
And seeing that the guy is blocking email by country, I really wonder why I took time replying to him.

Re: access table problems

2009-11-10 Thread Olivier Nicole
> When I run these through postmap -q I get a "REJECT" return. When I > add a fourth octet to the postmap -q input, I get nothing. I've been > beating me head on the desk whilst re-reading man 5 access, and I can't > figure out why real addresses matching these class C subnets aren't > returni

Re: ACCESS CONTROL FOR LOCAL PICKUP AND VIRTUAL DOMAINS

2009-07-31 Thread Wietse Venema
k p: > Hi There, > > I have a real scenario that I'm not sure how to solve it, > > local clients on the same machine that postfix resides : I want > them to be restricted to their particular virtual domains that they > have access to: > > This is a sample: > > User one (UID/GID 500) :? has

Re: access question

2009-01-12 Thread swilting
users can send mail to any address On Monday 12 January 2009 at 07:37 -0600, Noel Jones wrote: > Res wrote: > > Hi All, > > I have a situation where I need to allow a remote user to email in (yes, > > that's whitelisted and working fine), but, deny local users from emailing > > that remote user

Re: access question

2009-01-12 Thread Noel Jones
Res wrote: Hi All, I have a situation where I need to allow a remote user to email in (yes, that's whitelisted and working fine), but, deny local users from emailing that remote user. I use check_recipient_access and check_sender_access already under smtpd_recipient_restrictions, both of thes

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread Martin Spinassi
On Thu, 2009-01-08 at 14:02 -0300, Reinaldo de Carvalho wrote: [ snip ] > > > > Hey! That did the trick! > > > > Thanks for the help. Can you explain me why is it a problem if it si an > > external MTA? > > > > > > Martín > > > > Because any sender not equal to example.com will be reject. > > You

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread Reinaldo de Carvalho
On Thu, Jan 8, 2009 at 11:10 AM, Martin Spinassi wrote: > On Thu, 2009-01-08 at 10:10 -0300, Reinaldo de Carvalho wrote: >> On Thu, Jan 8, 2009 at 9:20 AM, Martin Spinassi >> wrote: >> > main.cf: >> > >> > smtpd_sender_restrictions= >> >check_client_access hash:/etc/postfix/access >> >

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread john.swilt...@wanadoo.fr
john.swilt...@wanadoo.fr wrote: Martin Spinassi wrote: On Thu, 2009-01-08 at 10:10 -0300, Reinaldo de Carvalho wrote: On Thu, Jan 8, 2009 at 9:20 AM, Martin Spinassi wrote: main.cf: smtpd_sender_restrictions= check_client_access hash:/etc/postfix/access reject s/check_c

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread john.swilt...@wanadoo.fr
Martin Spinassi wrote: On Thu, 2009-01-08 at 10:10 -0300, Reinaldo de Carvalho wrote: On Thu, Jan 8, 2009 at 9:20 AM, Martin Spinassi wrote: main.cf: smtpd_sender_restrictions= check_client_access hash:/etc/postfix/access reject s/check_client_access/check_sender_access/ b

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread Martin Spinassi
On Thu, 2009-01-08 at 10:10 -0300, Reinaldo de Carvalho wrote: > On Thu, Jan 8, 2009 at 9:20 AM, Martin Spinassi > wrote: > > main.cf: > > > > smtpd_sender_restrictions= > >check_client_access hash:/etc/postfix/access > >reject > > > > s/check_client_access/check_sender_access/ >

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread Reinaldo de Carvalho
On Thu, Jan 8, 2009 at 9:20 AM, Martin Spinassi wrote: > main.cf: > > smtpd_sender_restrictions= >check_client_access hash:/etc/postfix/access >reject > s/check_client_access/check_sender_access/ but this a problem if is a external MTA. > > Martín > > -- Reinaldo de Carvalho h

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread Martin Spinassi
On Thu, 2009-01-08 at 07:54 -0500, Wietse Venema wrote: > Martin Spinassi: > [ Charset UTF-8 unsupported, converting... ] > > Hi list! > > > > I'm trying to install a postfix with some restrictions, including a > > sender restriction, but I'm just missing something. > > > > The idea is to allow o

Re: Access and smtpd_sender_restrictions

2009-01-08 Thread Wietse Venema
Martin Spinassi: [ Charset UTF-8 unsupported, converting... ] > Hi list! > > I'm trying to install a postfix with some restrictions, including a > sender restriction, but I'm just missing something. > > The idea is to allow only one domain to send mails from that server, but > I'm having access d

Re: Access Restriction Not Working

2008-11-22 Thread Barney Desmond
Carlos Williams wrote: > Inbound = blocked > Outbound = still works > > Why? Keeping in mind the suggestions to update your syntax, it sounds like you want smtpd_recipient_restrictions with a check_recipient_access map. Seeing as you want to block both to/from a given domain, you can use the same

Re: Access Restriction Not Working

2008-11-21 Thread mouss
Carlos Williams wrote: > In my attempt to block my Postfix email server from receiving and > sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I > created the following: > > vim /etc/postfix/main.cf > > smtpd_sender_restrictions = hash:/etc/postfix/access > reject_unauth_des

Re: Access Restriction Not Working

2008-11-21 Thread Brian Evans - Postfix List
Carlos Williams wrote: > In my attempt to block my Postfix email server from receiving and > sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I > created the following: > > vim /etc/postfix/main.cf > We prefer 'postconf -n' for a good reason. It shows you (most times) what P

Re: Access Restriction Not Working

2008-11-21 Thread Terry Carmen
Carlos Williams wrote: In my attempt to block my Postfix email server from receiving and sending email to gmail, yahoo, hotmail, aol, and msn email accounts, I created the following: vim /etc/postfix/main.cf smtpd_sender_restrictions = hash:/etc/postfix/access reject_unauth_destination = hash:/

Re: access

2008-09-14 Thread Ralf Hildebrandt
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > Hello > > I want to HOLD mail from a specific user, well what i have done is > put in main.cf a line like this : > > smtpd_client_restrictions = check_client_access > hash:/etc/postfix/client_access Use "check_SENDER_access" -- Ralf Hildebrandt ([E

Re: access

2008-09-14 Thread mouss
[EMAIL PROTECTED] wrote: Hello I want to HOLD mail from a specific user, well what i have done is put in main.cf a line like this : smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access and my client_access file : [EMAIL PROTECTED] REJECT [EMAIL PROTECTED] HOLD