Configuration Syntax


Doug Hardie
I tried to implement RBL and postfwd.  I placed everything in main.cf:

smtpd_recipient_restrictions =
        check_policy_service inet:127.0.0.1:10040
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client bl.spamcop.net
        permit

That worked, but it affected both the smtp and submission ports.  I expected that, but it made it easier to test.  However, I then needed to make the submission port work properly.  So I made the following change to master.cf and removed those lines from main.cf:

smtpd      pass  -       -       n       -       -       smtpd
       -o smtpd_recipient_restrictions =
               check_policy_service inet:127.0.0.1:10040
               reject_invalid_hostname,
               reject_non_fqdn_sender,
               reject_non_fqdn_recipient,
               reject_unknown_sender_domain,
               reject_unknown_recipient_domain,
               reject_unauth_pipelining,
               permit_mynetworks,
               reject_unauth_destination,
               reject_rbl_client bl.spamcop.net
               permit


After a postfix reload basically everything stopped working.  There were no errors reported in maillog.  Basically, nothing was going into maillog.  So I went back to the original configuration and it started working again.  I then added the following to master.cf to remove those from submission port:

submission inet n       -       n       -       -       smtpd
       -o smtpd_recipient_restrictions=permit_mynetworks


This approach works, but it seems to me that the first approach should have worked.  Apparently I have formatted the options incorrectly.  What did I do wrong?

-- Doug


Re: Configuration Syntax

Noel Jones-2
On 7/6/2017 1:45 PM, Doug Hardie wrote:

> I tried to implement RBL and postfwd.  I placed everything in main.cf:
>
> smtpd_recipient_restrictions =
> check_policy_service inet:127.0.0.1:10040
> reject_invalid_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_pipelining,
> permit_mynetworks,
> reject_unauth_destination,
> reject_rbl_client bl.spamcop.net
> permit
>
> That worked, but it affected both the smtp and submission ports.  I expected that, but it made it easier to test.  However, I then needed to make the submission port work properly.  So I made the following change to master.cf and removed those lines from main.cf:
>
> smtpd      pass  -       -       n       -       -       smtpd
>        -o smtpd_recipient_restrictions =
>                check_policy_service inet:127.0.0.1:10040
>                reject_invalid_hostname,
>                reject_non_fqdn_sender,
>                reject_non_fqdn_recipient,
>                reject_unknown_sender_domain,
>                reject_unknown_recipient_domain,
>                reject_unauth_pipelining,
>                permit_mynetworks,
>                reject_unauth_destination,
>                reject_rbl_client bl.spamcop.net
>                permit
>
>
> After a postfix reload basically everything stopped working.  There were no errors reported in maillog.  Basically, nothing was going into maillog.  So I went back to the original configuration and it started working again.  I then added the following to master.cf to remove those from submission port:
>
> submission inet n       -       n       -       -       smtpd
>        -o smtpd_recipient_restrictions=permit_mynetworks
>
>
> This approach works, but it seems to me that the first approach should have worked.  Apparently I have formatted the options incorrectly.  What did I do wrong?
>
> -- Doug
>


main.cf doesn't allow spaces in the options.  The supported syntax
is to either use commas "," rather than spaces; enclose the option
in braces "{ ... }"; or the preferred method of defining a macro in
main.cf and reference it in master.cf.  See the master.cf man page.

# main.cf
my_smtpd_restrictions =
               check_policy_service inet:127.0.0.1:10040
               reject_invalid_hostname,
               reject_non_fqdn_sender,
               reject_non_fqdn_recipient,
               reject_unknown_sender_domain,
               reject_unknown_recipient_domain,
               reject_unauth_pipelining,
               permit_mynetworks,
               reject_unauth_destination,
               reject_rbl_client bl.spamcop.net
               permit

# master.cf
smtpd      pass  -       -       n       -       -       smtpd
  -o smtpd_recipient_restrictions=$my_smtpd_restrictions



  -- Noel Jones

Re: Configuration Syntax

Doug Hardie

> On 6 July 2017, at 12:40, Doug Hardie <[hidden email]> wrote:
>
>>
>> On 6 July 2017, at 12:06, Noel Jones <[hidden email]> wrote:
>>
>> main.cf doesn't allow spaces in the options.  The supported syntax
>> is to either use commas "," rather than spaces; enclose the option
>> in braces "{ ... }"; or the preferred method of defining a macro in
>> main.cf and reference it in master.cf.  See the master.cf man page.
>>
>> # main.cf
>> my_smtpd_restrictions =
>>              check_policy_service inet:127.0.0.1:10040
>>              reject_invalid_hostname,
>>              reject_non_fqdn_sender,
>>              reject_non_fqdn_recipient,
>>              reject_unknown_sender_domain,
>>              reject_unknown_recipient_domain,
>>              reject_unauth_pipelining,
>>              permit_mynetworks,
>>              reject_unauth_destination,
>>              reject_rbl_client bl.spamcop.net
>>              permit
>>
>> # master.cf
>> smtpd      pass  -       -       n       -       -       smtpd
>> -o smtpd_recipient_restrictions=$my_smtpd_restrictions
>
>
> Thanks.  That makes sense now.

Well, I thought I understood it, but now I am not so sure, so here is what I have ready to try.  I am still a bit confused: in the macro in main.cf, some of the lines have a comma at the end and others do not.  When is the comma needed?

main.cf
#       Incoming restrictions and Implement postfwd
incoming_smtpd_restrictions =
        check_policy_service inet:127.0.0.1:10040
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        permit_mynetworks,
        check_recipient_access hash:/usr/local/etc/postfix/tempfail
        reject_unauth_destination,
        reject_rbl_client bl.spamcop.net
        permit

Virtual_alias_maps file:
[hidden email]                doug
...

tempfail file:
[hidden email]        450 4.2.1 This mailbox is unavailable today


master.cf:
smtpd      pass  -       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks


Re: Configuration Syntax

Noel Jones-2
On 7/7/2017 12:37 AM, Doug Hardie wrote:

>
>> On 6 July 2017, at 12:40, Doug Hardie <[hidden email]> wrote:
>>
>>>
>>> On 6 July 2017, at 12:06, Noel Jones <[hidden email]> wrote:
>>>
>>> main.cf doesn't allow spaces in the options.  The supported syntax
>>> is to either use commas "," rather than spaces; enclose the option
>>> in braces "{ ... }"; or the preferred method of defining a macro in
>>> main.cf and reference it in master.cf.  See the master.cf man page.
>>>
>>> # main.cf
>>> my_smtpd_restrictions =
>>>              check_policy_service inet:127.0.0.1:10040
>>>              reject_invalid_hostname,
>>>              reject_non_fqdn_sender,
>>>              reject_non_fqdn_recipient,
>>>              reject_unknown_sender_domain,
>>>              reject_unknown_recipient_domain,
>>>              reject_unauth_pipelining,
>>>              permit_mynetworks,
>>>              reject_unauth_destination,
>>>              reject_rbl_client bl.spamcop.net
>>>              permit
>>>
>>> # master.cf
>>> smtpd      pass  -       -       n       -       -       smtpd
>>> -o smtpd_recipient_restrictions=$my_smtpd_restrictions
>>
>>
>> Thanks.  That makes sense now.
>
> Well, I thought I understood it, but now I am not so sure, so here is what I have ready to try.  I am still a bit confused: in the macro in main.cf, some of the lines have a comma at the end and others do not.  When is the comma needed?

main.cf treats comma, space, tab, and newline, all as whitespace,
and they can be used interchangeably. Insert commas as desired for
readability. See the main.cf manpage.

>
> main.cf
> #       Incoming restrictions and Implement postfwd
> incoming_smtpd_restrictions =
>         check_policy_service inet:127.0.0.1:10040
>         reject_invalid_hostname,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_unknown_sender_domain,
>         reject_unknown_recipient_domain,
>         reject_unauth_pipelining,
>         permit_mynetworks,
>         check_recipient_access hash:/usr/local/etc/postfix/tempfail
>         reject_unauth_destination,
>         reject_rbl_client bl.spamcop.net
>         permit
>
> Virtual_alias_maps file:
> [hidden email]                doug
> ...
>
> tempfail file:
> [hidden email]        450 4.2.1 This mailbox is unavailable today
>
>
> master.cf:
> smtpd      pass  -       -       n       -       -       smtpd
> submission inet n       -       n       -       -       smtpd
>         -o smtpd_recipient_restrictions=permit_mynetworks
>

Your submission options must have a reject at the end.  Most folks
use permit_sasl_authenticated instead of permit_mynetworks on
submission, but use whatever is correct for your server.
  -o smtpd_recipient_restrictions=permit_mynetworks,reject

Note master.cf syntax difference; no spaces around the comma.


  -- Noel Jones
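
The two points from the replies above (no whitespace inside a master.cf `-o name=value` override, and an explicit `reject` at the end of the submission list), written as a small linter. This is an added example, not part of the original thread or of Postfix; the names `lint_master_cf` and `logical_lines`, the sample text and the set of accepted closing restrictions are assumptions made for illustration.

```python
import re

# Constructed sample based on the master.cf entries quoted in the thread.
SAMPLE_MASTER_CF = """\
smtpd      pass  -       -       n       -       -       smtpd
       -o smtpd_recipient_restrictions =
               check_policy_service inet:127.0.0.1:10040
               reject_unauth_destination,
               permit
submission inet n       -       n       -       -       smtpd
       -o smtpd_recipient_restrictions=permit_mynetworks
"""
# Restrictions accepted as a closing refusal (assumption: this linter's policy).
TERMINAL = {"reject", "defer", "defer_if_permit"}

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) into entries."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def lint_master_cf(text):
    """Return (service, problem) pairs for the -o overrides in master.cf text."""
    findings = []
    for entry in logical_lines(text):
        # A "{ name = value }" group counts as one token; spaces are legal inside.
        tokens = re.findall(r"\{[^}]*\}|\S+", entry)
        service, args = tokens[0], tokens[8:]  # eight fields precede the arguments
        for i, tok in enumerate(args[:-1]):
            if tok != "-o" or args[i + 1].startswith("{"):
                continue
            name, eq, value = args[i + 1].partition("=")
            # Anything between this option and the next "-" flag is a split value.
            stray = i + 2 < len(args) and not args[i + 2].startswith("-")
            if not eq or not value or stray:
                findings.append((service, "whitespace in -o " + name))
            # $macro values live in main.cf and are not resolved here.
            elif (name == "smtpd_recipient_restrictions" and "$" not in value
                    and value.split(",")[-1] not in TERMINAL):
                findings.append((service, "list does not end in reject"))
    return findings
```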


Re: Configuration Syntax

Doug Hardie

> On 7 July 2017, at 08:44, Noel Jones <[hidden email]> wrote:
>
> On 7/7/2017 12:37 AM, Doug Hardie wrote:
>>
>>> On 6 July 2017, at 12:40, Doug Hardie <[hidden email]> wrote:
>>>
>>>>
>>>> On 6 July 2017, at 12:06, Noel Jones <[hidden email]> wrote:
>>>>
>>>> main.cf doesn't allow spaces in the options.  The supported syntax
>>>> is to either use commas "," rather than spaces; enclose the option
>>>> in braces "{ ... }"; or the preferred method of defining a macro in
>>>> main.cf and reference it in master.cf.  See the master.cf man page.
>>>>
>>>> # main.cf
>>>> my_smtpd_restrictions =
>>>>             check_policy_service inet:127.0.0.1:10040
>>>>             reject_invalid_hostname,
>>>>             reject_non_fqdn_sender,
>>>>             reject_non_fqdn_recipient,
>>>>             reject_unknown_sender_domain,
>>>>             reject_unknown_recipient_domain,
>>>>             reject_unauth_pipelining,
>>>>             permit_mynetworks,
>>>>             reject_unauth_destination,
>>>>             reject_rbl_client bl.spamcop.net
>>>>             permit
>>>>
>>>> # master.cf
>>>> smtpd      pass  -       -       n       -       -       smtpd
>>>> -o smtpd_recipient_restrictions=$my_smtpd_restrictions
>>>
>>>
>>> Thanks.  That makes sense now.
>>
>> Well, I thought I understood it, but now I am not so sure, so here is what I have ready to try.  I am still a bit confused: in the macro in main.cf, some of the lines have a comma at the end and others do not.  When is the comma needed?
>
> main.cf treats comma, space, tab, and newline, all as whitespace,
> and they can be used interchangeably. Insert commas as desired for
> readability. See the main.cf manpage.
>
>>
>> main.cf
>> #       Incoming restrictions and Implement postfwd
>> incoming_smtpd_restrictions =
>>        check_policy_service inet:127.0.0.1:10040
>>        reject_invalid_hostname,
>>        reject_non_fqdn_sender,
>>        reject_non_fqdn_recipient,
>>        reject_unknown_sender_domain,
>>        reject_unknown_recipient_domain,
>>        reject_unauth_pipelining,
>>        permit_mynetworks,
>>        check_recipient_access hash:/usr/local/etc/postfix/tempfail
>>        reject_unauth_destination,
>>        reject_rbl_client bl.spamcop.net
>>        permit
>>
>> Virtual_alias_maps file:
>> [hidden email]                doug
>> ...
>>
>> tempfail file:
>> [hidden email]        450 4.2.1 This mailbox is unavailable today
>>
>>
>> master.cf:
>> smtpd      pass  -       -       n       -       -       smtpd
>> submission inet n       -       n       -       -       smtpd
>>        -o smtpd_recipient_restrictions=permit_mynetworks
>>
>
> Your submission options must have a reject at the end.  Most folks
> use permit_sasl_authenticated instead of permit_mynetworks on
> submission, but use whatever is correct for your server.
>  -o smtpd_recipient_restrictions=permit_mynetworks,reject
>
> Note master.cf syntax difference; no spaces around the comma.
>
>
>  -- Noel Jones

Thank you.  That was a clear explanation.

