
Re: Postfix-Sender and recipient restriction problem



Semih Gokalp wrote:
> Thanks Mihira it works. If I write users in recipient and sender files, no
> problem. main.cf like below:
> 
> smtpd_recipient_restrictions = check_recipient_access
> hash:/etc/postfix/recipient_access reject_unlisted_recipient
> permit_sasl_authenticated check_relay_domains reject_unauth_destination
> 
> smtpd_sender_restrictions = reject_unknown_sender_domain warn_if_reject
> reject_non_fqdn_sender check_sender_access
> hash:/etc/postfix/sender_login_maps
> 
> ---------------------------------------------
> 
> but if I don't write all addresses in the sender_login_maps file, other mail
> accounts can send mail. Users' mail addresses must be in sender and recipient
> files??
This is because Postfix is the Final Recipient for this domain. By
default it allows all email addresses for which it is the Final Recipient to
relay mail through it.

Try this: add all the email addresses that are allowed to send mail in
the sender_login_maps file and at the end of the list, add a domain-wide
reject line. Something like this:

/etc/postfix/sender_check

user1@yourdomain	OK
user2@yourdomain	OK
yourdomain		REJECT

Not 100% sure that this will work but give it a try.

> and I added some parameters in main.cf like below:
> 
> smtpd_recipient_restrictions = check_recipient_access
> hash:/etc/postfix/recipient_access reject_unlisted_recipient
> reject_unverified_recipient reject_unknown_recipient_domain
> 
> smtpd_sender_restrictions = reject_unknown_sender_domain warn_if_reject
> reject_non_fqdn_sender check_sender_access
> hash:/etc/postfix/sender_login_maps
> reject_unauthenticated_sender_login_mismatch reject_unlisted_sender
> 
> but I have a problem. Problem:
> 
> I did telnet to mail server on LOCAL AREA and wrote 1* MAIL
> FROM:fake_account@abc.def or 2* MAIL FROM:real_mail_account@fake_domainname
> and RCPT TO:real_mail_account@abc.def and the mail was sent!
> Mail server doesn't alert me "Sender address reject:User unknown in local
> recipient table" or "Sender domain name reject" or same message
> 
> but when I write 1* out of local area, mail server alerts me "Sender address
> reject:User unknown in local recipient table". When I write MAIL
> FROM:(fake_account or real account)@fake_domainname it was sent! Why
> doesn't it alert me "sender domain name reject" or same message?
> 
> 
> in short:
> 
> LOCAL AREA:
> 
> real_mail_account@abc.def can send mail to real_mail_account@abc.def
> fake_mail_account@abc.def can send mail to real_mail_account@abc.def
> fake_mail_account@fake_domainname can send mail to real_mail_account@abc.def
> 
> OUT OF LOCAL AREA
> 
> real_mail_account@abc.def can send mail to real_mail_account@abc.def
> fake_mail_account@abc.def can NOT send mail to real_mail_account@abc.def
> fake_mail_account@fake_domainname can send mail to real_mail_account@abc.def
> 
> 
> I think its an interesting problem.How can I solve this problem ?
> 
> Thanks.
> 

OK, the reason Postfix allows any mail relaying in the LAN is that you have
entered the LAN IP range in your mynetworks parameter. By default, Postfix
allows mail relaying for all IPs you enter in mynetworks. Postfix
assumes all IPs listed in mynetworks to be trusted ones.

But when you try to relay mail from outside your LAN, because that IP
address is not in your mynetworks list, it does all the checks for that
mail.

I suggest you leave only 127.0.0.1/8 in your mynetworks. This makes
postfix trust only the local PC and even mail sent from the LAN will get
all the checks.


Mihira.
-- 
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break
stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers
has been approved.
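
A simplified model of the lookup order that access(5) documents for check_sender_access, applied to the table suggested in the message above. This is an added example, not part of the original message and not Postfix code; example.com stands in for "yourdomain" and the function names are hypothetical.

```python
# Simplified model of how Postfix check_sender_access searches an access(5)
# table for a sender address. Added illustration, not Postfix source code.

# Constructed table mirroring the suggestion in the thread; example.com is a
# placeholder for "yourdomain".
SENDER_TABLE = {
    "user1@example.com": "OK",
    "user2@example.com": "OK",
    "example.com": "REJECT",
}


def lookup_keys(sender):
    """Return the keys tried for a sender address, most specific first."""
    sender = sender.lower()
    if "@" not in sender:
        return [sender]
    local, _, domain = sender.rpartition("@")
    keys = [sender, domain]
    # Parent domains are tried when smtpd_access_maps is listed in
    # parent_domain_matches_subdomains, which is the Postfix default.
    labels = domain.split(".")
    keys += [".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append(local + "@")
    return keys


def check_sender_access(sender, table=SENDER_TABLE):
    """First matching key decides. No match yields DUNNO, meaning the
    next restriction in smtpd_sender_restrictions is evaluated."""
    for key in lookup_keys(sender):
        if key in table:
            return table[key], key
    return "DUNNO", None


if __name__ == "__main__":
    for addr in ("user1@example.com", "fake_account@example.com",
                 "someone@mail.example.com", "someone@other.example"):
        print(addr, "->", check_sender_access(addr))
```

The per-address OK entries win over the domain-wide REJECT because the full address is looked up first. A sender in a domain that is not in the table gets no verdict from this map at all, so any later restrictions in the list decide its fate.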


