Re: check_sender_access not working on local senders

2020-02-09 Thread Simon Hintermann
Yep, working perfectly, thanks! From: Bill Cole To: Postfix users Sent: 09.02.2020 2:12 AM Subject: Re: check_sender_access not working on local senders On 8 Feb 2020, at 17:25, simonh wrote: > Hello, > > I am trying to automate anti-spam flood on our Plesk ser

Re: check_sender_access not working on local senders

2020-02-08 Thread Bill Cole
On 8 Feb 2020, at 17:25, simonh wrote: Hello, I am trying to automate anti-spam flood on our Plesk servers, and my goal is to be able to REJECT mails from abused mailboxes or from non-captcha'd web forms. On the mailboxes, the directive check_sender_access works as expected, no problem he

Re: check_sender_access and pattern matching

2015-12-30 Thread Bill Cole
On 30 Dec 2015, at 20:45, Alex wrote: Hi, I hoped I could ask another question. Well, you can ask... Below is my smtpd_recipient_restrictions as we were discussing earlier this week: On Sun, Dec 27, 2015 at 9:37 PM, Bill Cole wrote: On 27 Dec 2015, at 20:22, Alex wrote: [...] smtpd_reci

Re: check_sender_access and pattern matching

2015-12-30 Thread Noel Jones
On 12/30/2015 7:45 PM, Alex wrote: > > The docs say reject_unlisted_recipient rejects mail when the recipient > is not listed in the list of valid recipients for its domain class. I > assume this means an IP listed in mynetworks or an entry from the > check_recipient_access list? > > The part I d

Re: check_sender_access and pattern matching

2015-12-30 Thread Alex
Hi, I hoped I could ask another question. Below is my smtpd_recipient_restrictions as we were discussing earlier this week: On Sun, Dec 27, 2015 at 9:37 PM, Bill Cole wrote: > On 27 Dec 2015, at 20:22, Alex wrote: > [...] > smtpd_recipient_restrictions = > reject_non_fqdn_recipient, > reject

Re: check_sender_access and pattern matching

2015-12-28 Thread Alex
Hi, On Mon, Dec 28, 2015 at 12:17 AM, Bill Cole wrote: > On 27 Dec 2015, at 22:48, Alex wrote: > >> Hopefully the smtpd_sender_restrictions I posted above is correct, but >> I will also have to either add the IPs to mynetworks or duplicate the >> check_sender_access map in smtpd_recipient_restric

Re: check_sender_access and pattern matching

2015-12-27 Thread Bill Cole
On 27 Dec 2015, at 22:48, Alex wrote: Hopefully the smtpd_sender_restrictions I posted above is correct, but I will also have to either add the IPs to mynetworks or duplicate the check_sender_access map in smtpd_recipient_restrictions to avoid being rejected in the RBLs there, correct? If you

Re: check_sender_access and pattern matching

2015-12-27 Thread Alex
Hi, > As I understand your problem, there is mail which you must accept that uses > a sender domain name which does not resolve. However, you generally want to > use reject_unknown_sender_domain, which is a good thing. > > The ideal way to address that problem is a check_sender_access map with you

Re: check_sender_access and pattern matching

2015-12-27 Thread Bill Cole
On 27 Dec 2015, at 20:22, Alex wrote: [...] smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unlisted_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_rhsbl_reve

Re: check_sender_access and pattern matching

2015-12-27 Thread Alex
Hi, >> It's taken me a few days to process what you've written, but I think >> I'm now on the right track. Just to be sure I understand, I'd like to >> list my smtpd_*_restrictions and ask if someone could review them. >> >> I have a list of domain names and IPs that I need to ensure are not >> re

Re: check_sender_access and pattern matching

2015-12-27 Thread Bill Cole
On 27 Dec 2015, at 13:24, Alex wrote: Hi, On Wed, Dec 23, 2015 at 3:34 PM, Bill Cole wrote: On 23 Dec 2015, at 13:53, Alex wrote: [...] Okay, I understand. So if the list wasn't also included in smtpd_sender_restrictions, would it have been rejected there, due to the reject_unknown_sender_

Re: check_sender_access and pattern matching

2015-12-27 Thread Alex
Hi, On Wed, Dec 23, 2015 at 3:34 PM, Bill Cole wrote: > On 23 Dec 2015, at 13:53, Alex wrote: > > [...] > >> Okay, I understand. So if the list wasn't also included in >> smtpd_sender_restrictions, would it have been rejected there, due to >> the reject_unknown_sender_domain at the end? > > > Yes

Re: check_sender_access and pattern matching

2015-12-23 Thread Bill Cole
On 23 Dec 2015, at 13:53, Alex wrote: [...] Okay, I understand. So if the list wasn't also included in smtpd_sender_restrictions, would it have been rejected there, due to the reject_unknown_sender_domain at the end? Yes. How can I get around the duplication? If you don't duplicate reject

Re: check_sender_access and pattern matching

2015-12-23 Thread Alex
Hi, On Wed, Dec 23, 2015 at 12:53 PM, Bill Cole wrote: > On 21 Dec 2015, at 12:38, Alex wrote: > >> Perhaps the ordering of restrictions is not correct? >> >> smtpd_client_restrictions = permit_mynetworks, >> check_client_access hash:/etc/postfix/client_checks, >> check_reverse_client_hostname_

Re: check_sender_access and pattern matching

2015-12-23 Thread Bill Cole
On 21 Dec 2015, at 12:38, Alex wrote: Perhaps the ordering of restrictions is not correct? smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_checks, check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns-042715a.pcre, check_reverse_client_ho

Re: check_sender_access and pattern matching

2015-12-21 Thread Alex
Hi, On Mon, Dec 21, 2015 at 2:18 PM, Noel Jones wrote: > On 12/21/2015 12:13 PM, Alex wrote: >>> For hash: access tables, the correct line is (assuming the default >>> value of parent_domain_matches_subdomains): >>> >>> invalid.example.com OK >>> >>> See the access table documentation, pattern s

Re: check_sender_access and pattern matching

2015-12-21 Thread Noel Jones
On 12/21/2015 12:13 PM, Alex wrote: >> For hash: access tables, the correct line is (assuming the default >> value of parent_domain_matches_subdomains): >> >> invalid.example.com OK >> >> See the access table documentation, pattern search order section for >> details. >> http://www.postfix.org/acc

Re: check_sender_access and pattern matching

2015-12-21 Thread Alex
Hi, On Mon, Dec 21, 2015 at 12:48 PM, Noel Jones wrote: > On 12/21/2015 11:38 AM, Alex wrote: >> Hi, >> I have a postfix-2.10 fedora22 system and having trouble with my >> sender checks. I have a domain that is sending mail with an invalid >> hostname. The temporary solution is to add a check_sen

Re: check_sender_access and pattern matching

2015-12-21 Thread Noel Jones
On 12/21/2015 11:38 AM, Alex wrote: > Hi, > I have a postfix-2.10 fedora22 system and having trouble with my > sender checks. I have a domain that is sending mail with an invalid > hostname. The temporary solution is to add a check_sender_access > entry, but I must be doing something wrong. > > De

Re: check_sender_access and spoofing

2015-12-10 Thread Noel Jones
On 12/10/2015 9:17 PM, Alex wrote: >> In that case, rather than using permit_mynetworks you should use a >> separate check_client_access that permits all the authorized IPs. >> >> Make sure to do this in smtpd_sender_restrictions so that settings >> here don't affect relay rules. > > So where I pr

Re: check_sender_access and spoofing

2015-12-10 Thread Alex
Hi, >>> This is independent of SPF. The rules discussed blocks your domain >>> as envelope sender except for a whitelist you have specified >>> (permit_mynetworks). >> >> Yes, and that was part of my concern. There are includes in our SPF >> record for networks that we don't control. I don't want

Re: check_sender_access and spoofing

2015-12-10 Thread Noel Jones
On 12/10/2015 8:39 AM, Alex wrote: >> >> This is independent of SPF. The rules discussed blocks your domain >> as envelope sender except for a whitelist you have specified >> (permit_mynetworks). > > Yes, and that was part of my concern. There are includes in our SPF > record for networks that we

Re: check_sender_access and spoofing

2015-12-10 Thread Alex
Hi, >> This originated with me trying to have a better understanding of SPF. >> check_sender_access consults $mynetworks to determine which servers >> can send mail as my domain. > > Eh? check_sender_access can only check the envelope sender address, > not a network or hostname. Yes, thanks, I do

Re: check_sender_access and spoofing

2015-12-09 Thread Noel Jones
On 12/9/2015 4:17 PM, Alex wrote: > Hi, > >>> I'm trying to configure postfix-3.0.2 to reject mail trying to spoof >>> my domain in the envelope FROM address without rejecting my own >>> domain, and I'm doing something wrong. >> >> Typically this is done something like: >> smtpd_sender_restriction

Re: check_sender_access and spoofing

2015-12-09 Thread Alex
Hi, >> I'm trying to configure postfix-3.0.2 to reject mail trying to spoof >> my domain in the envelope FROM address without rejecting my own >> domain, and I'm doing something wrong. > > Typically this is done something like: > smtpd_sender_restrictions = > permit_mynetworks > check_sender_a

Re: check_sender_access and spoofing

2015-12-09 Thread Noel Jones
On 12/9/2015 11:54 AM, Alex wrote: > Hi, > > I'm trying to configure postfix-3.0.2 to reject mail trying to spoof > my domain in the envelope FROM address without rejecting my own > domain, and I'm doing something wrong. Typically this is done something like: smtpd_sender_restrictions = permit_

Re: check_sender_access has no effect (for me)

2015-08-28 Thread snowweb
On Friday, 28 August, 2015 06:24 PM, Wietse Venema [via Postfix] wrote: > check_sender_access is not a configuration parameter. > http://www.postfix.org/postconf.5.html#check_sender_access > http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions > > Wietse Hi Wietse, Thanks for

Re: check_sender_access has no effect (for me)

2015-08-28 Thread Wietse Venema
snowweb: > One user in a client's domain has a virus which is sending many spam emails. > I've disabled his mail account for now, but shortly, he will tell me it's > fixed and I'll have to take his word for it. > > I'd like to force his outgoing emails into a holding queue for checking and > to do

Re: check_sender_access stops incoming mail

2015-04-06 Thread Wietse Venema
Bithead: > Wietse, > > >> # check_sender_accesshash:/etc/posfix/mywhitelist <-- this > killed > > the pathname does not exist (you mis-typed it). In addition, you > > Ok, that's embarrassing. Thanks for catching it, though. But even so, why > would pointing to a non-existent file comp

RE: check_sender_access stops incoming mail

2015-04-06 Thread Bithead
Wietse, >> # check_sender_accesshash:/etc/posfix/mywhitelist <-- this killed > the pathname does not exist (you mis-typed it). In addition, you Ok, that's embarrassing. Thanks for catching it, though. But even so, why would pointing to a non-existent file completely halt incoming mail

Re: check_sender_access stops incoming mail

2015-04-05 Thread Wietse Venema
Bithead: > # check_sender_accesshash:/etc/posfix/mywhitelist <-- this killed If in doubt, look for warning messages in the maillog file. In this specific case the warnings would have told you that the pathname does not exist (you mis-typed it). In addition, you may have forgotten to

Re: check_sender_access not running the specified action

2014-10-22 Thread Nicolás
On 22/10/2014 at 19:47, Viktor Dukhovni wrote: Mail that passes these two conditions is either sent from a client that matches "permit_mynetworks" (checks logs or Received headers for client IP) or from an *envelope sender* address that is not blocked by that table. Ok, this would explai

Re: check_sender_access not running the specified action

2014-10-22 Thread Viktor Dukhovni
On Wed, Oct 22, 2014 at 07:41:22PM +0100, Nicolás wrote: The claim in the subject line is simply implausible. Such major problems in access(5) processing would not go unnoticed. > smtpd_sender_restrictions = > permit_mynetworks > check_sender_access hash:/etc/postfix/valid

Re: check_sender_access ignored by verify daemon

2014-05-29 Thread Viktor Dukhovni
On Thu, May 29, 2014 at 08:08:45AM -0700, G H wrote: > I am trying to utilize Postfix to restrict the sending of mail > from certain users based on the MAIL FROM command. However, it > doesn't appear that Postfix-2.10.2 is paying attention to my > check_sender_access restrictions at all. I have it

Re: check_sender_access - allowed actions

2012-03-19 Thread Charles Marcus
On 2012-03-19 11:01 AM, /dev/rob0 wrote: On Mon, Mar 19, 2012 at 09:20:13AM -0400, Charles Marcus wrote: One question/confirmation though (reading http://www.postfix.org/access.5.html does not seem to answer this, but I may be missing that too) - does an OK here skip further checks in the entir

Re: check_sender_access - allowed actions

2012-03-19 Thread /dev/rob0
On Mon, Mar 19, 2012 at 09:20:13AM -0400, Charles Marcus wrote: > Thanks *very* much for taking the time to reply rob0 - it forced > me to re-examine my prior attempts... > > On 2012-03-18 6:13 PM, /dev/rob0 wrote: > >On Sun, Mar 18, 2012 at 12:32:33PM -0400, Charles Marcus wrote: > >My assumptio

Re: check_sender_access - allowed actions

2012-03-19 Thread Charles Marcus
Thanks *very* much for taking the time to reply rob0 - it forced me to re-examine my prior attempts... On 2012-03-18 6:13 PM, /dev/rob0 wrote: On Sun, Mar 18, 2012 at 12:32:33PM -0400, Charles Marcus wrote: My assumption was that smtpd_sender_restrictions would evaluate before smtpd_recipient_

Re: check_sender_access - allowed actions

2012-03-18 Thread /dev/rob0
On Sun, Mar 18, 2012 at 12:32:33PM -0400, Charles Marcus wrote: > On 2012-03-17 10:20 AM, /dev/rob0 wrote: > >On Sat, Mar 17, 2012 at 08:58:16AM -0400, Charles Marcus wrote: > >>smtpd_recipient_restrictions = > >> > >> # these two maps only have REJECTs, no OKs allowed > >>check_recipient_acc

Re: check_sender_access - allowed actions

2012-03-18 Thread Charles Marcus
On 2012-03-17 10:20 AM, /dev/rob0 wrote: On Sat, Mar 17, 2012 at 08:58:16AM -0400, Charles Marcus wrote: smtpd_recipient_restrictions = # these two maps only have REJECTs, no OKs allowed check_recipient_access ${hash}/moved-employees, check_recipient_access ${hash}/x-employees, Fi

Re: check_sender_access - allowed actions

2012-03-17 Thread /dev/rob0
On Sat, Mar 17, 2012 at 08:58:16AM -0400, Charles Marcus wrote: > After modifying my config to work the way I want it to after the > switch from webroot to postini, I have a "funny" Postini story to tell. Recently I made inquiry about features of the service, and in the web form I carefully and

Re: check_sender_access only for "outbound" mails e.g. those that are in mynetworks

2012-02-21 Thread Noel Jones
On 2/21/2012 10:55 AM, Harakiri wrote: > > > --- On Tue, 2/21/12, Noel Jones wrote: > >> From: Noel Jones >> Subject: Re: check_sender_access only for "outbound" mails e.g. those that >> are in mynetworks > >> something like: >> &

Re: check_sender_access only for "outbound" mails e.g. those that are in mynetworks

2012-02-21 Thread Harakiri
--- On Tue, 2/21/12, Noel Jones wrote: > From: Noel Jones > Subject: Re: check_sender_access only for "outbound" mails e.g. those that > are in mynetworks > something like: > > # /etc/postfix/mynetworks.cidr > 127.0.0.0/8   OK {or check_local_send

Re: check_sender_access only for "outbound" mails e.g. those that are in mynetworks

2012-02-21 Thread Wietse Venema
Harakiri: > smtpd_sender_restrictions =ldap2_config..., reject > > the problem with this is - that this check is also executed for > inbound mails. Wietse: > smtpd_sender_restrictions = permit_mynetworks, ... Harakiri: >This is exactly the wrong way around - as i said i need to verify >envelop

Re: check_sender_access only for "outbound" mails e.g. those that are in mynetworks

2012-02-21 Thread Harakiri
--- On Tue, 2/21/12, Wietse Venema wrote: > From: Wietse Venema > Subject: Re: check_sender_access only for "outbound" mails e.g. those that > are in mynetworks > To: "Postfix users" > Date: Tuesday, February 21, 2012, 10:47 AM > Harakiri: >

Re: check_sender_access only for "outbound" mails e.g. those that are in mynetworks

2012-02-21 Thread Noel Jones
On 2/21/2012 9:21 AM, Harakiri wrote: > I have currently a whitelist which checks inbound recipients against an ldap > using a combination of > > relay_recipient_maps = ldap_config... > smtpd_recipient_restrictions = permit_mynetworks ...reject_unlisted_recipient > > Now i want to have a simila

Re: check_sender_access only for "outbound" mails e.g. those that are in mynetworks

2012-02-21 Thread Wietse Venema
Harakiri: > smtpd_sender_restrictions =ldap2_config..., reject > > the problem with this is - that this check is also executed for > inbound mails. smtpd_sender_restrictions = permit_mynetworks, ... Wietse

Re: check_sender_access to virtual map?

2009-08-25 Thread Cameron Camp
> That depends on your table schema and the contents of > mysql-virtual_domains.cf. user = xx password = x dbname = mail query = SELECT domain AS virtual FROM domains WHERE domain='%s' hosts = 127.0.0.1 table structure: use mail; CREATE TABLE domains ( domain varchar(50) NOT NULL, PRIM

Re: check_sender_access to virtual map?

2009-08-25 Thread mouss
Cameron Camp wrote: > LuKreme said to use: actually, it was mouss... > > check_sender_access hash:/etc/postfix/mydomain > > == mydomain > example.com REJECT you cannot send on behalf of example.com > .example.com REJECT you cannot send on behalf of example.com > > can I use: > > che

Re: check_sender_access to virtual map?

2009-08-25 Thread Steve
Original Message > Date: Tue, 25 Aug 2009 12:24:15 -0700 > From: Cameron Camp > To: postfix-us...@cloud9.net > Subject: check_sender_access to virtual map? > LuKreme said to use: > > check_sender_access hash:/etc/postfix/mydomain > > == mydomain > example.com REJECT you

Re: check_sender_access to virtual map?

2009-08-25 Thread Magnus Bäck
On Tuesday, August 25, 2009 at 21:24 CEST, Cameron Camp wrote: > LuKreme said to use: > > check_sender_access hash:/etc/postfix/mydomain > > == mydomain > example.com REJECT you cannot send on behalf of example.com > .example.com REJECT you cannot send on behalf of example.com > >

Re: check_sender_access SQL Query

2009-03-28 Thread mouss
JohnD wrote: >> Use the Email Address Patterns for the lookup key sequence in >> http://www.postfix.org/access.5.html and apply that to the pgsql_table >> document.. >> A check sender access will always reference the MAIL FROM given to Postfix. > >> It is up to you and your needs as to what the

Re: check_sender_access SQL Query

2009-03-28 Thread JohnD
> Use the Email Address Patterns for the lookup key sequence in > http://www.postfix.org/access.5.html and apply that to the pgsql_table > document.. > A check sender access will always reference the MAIL FROM given to Postfix. > It is up to you and your needs as to what the table will contain an

Re: check_sender_access SQL Query

2009-03-27 Thread Brian Evans - Postfix List
JohnD wrote: > Hi, > > I have been running Postfix 2.5.x on a linux server using virtual > domains with PostgreSQL for a while now and I've just implemented a > basic check_sender_access policy using a hash. Everything works fine, > but now I would like to convert this to an SQL statement and stor

Re: check_sender_access

2008-11-28 Thread Christophe Dumonet
You're right, CC or CCI (Bcc) are converted by the MUA into SMTP recipients. Well ... I have solved my issue...I had done a really stupid confusion : I had used postfix with an old main.cf.BACKUP file without this configuration ! The real main.cf with good configuration works fine so. Sorry for

Re: check_sender_access

2008-11-28 Thread mouss
Christophe Dumonet wrote: > Hello, > In order to deny the use of certain lists from outside, I use : > > smtpd_restriction_classes = insiders_only > insiders_only = check_sender_access hash:/etc/postfix/insiders, reject > smtpd_recipient_restrictions = check_recipient_access > hash:/etc/postfix

Re: check_sender_access for mails via uucp

2008-08-12 Thread Ralf Hildebrandt
* ram <[EMAIL PROTECTED]>: > I use in my main.cf > > smtpd_recipient_restrictions = > check_sender_access regexp:/etc/postfix/sender_transport > > and in sender_transport I use FILTER to redirect mails as required > > > If a mail is coming in via uucp then this will not work. Can something