Postfix restriction
Locked
 
|
Dear all, Users should be able to get outside mails normally. I’ve found this on postfix.org: /etc/postfix/main.cf: smtpd_recipient_restrictions = ...check_recipient_access hash:/etc/postfix/protected_destinations ...the usual stuff...smtpd_restriction_classes = insiders_only insiders_only = check_sender_access hash:/etc/postfix/insiders, reject /etc/postfix/protected_destinations: [hidden email] insiders_only [hidden email] insiders_only/etc/postfix/insiders: my.domain OK matches my.domain and subdomains another.domain OK matches another.domain and subdomainsWhich is working, but after creating the hash tables like in this example, other users won’t get new mails from outside. All other mails are rejected in the logs with “server configuration error” For the users and domains I use these settings with cyrus-imapd: virtual_transport = lmtp:unix:/local/socket/lmtp virtual_alias_maps = hash:/etc/postfix/virtual_recipients virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains virtual_mailbox_domains contain our domains in a table like “company01.de OK” If I set these settings # smtpd_restriction_classes = insiders_only # insiders_only = check_sender_access hash:/etc/postfix/insiders, reject # check_recipient_access hash:/etc/postfix/protected_destinations Cat protected_destinations [hidden email] insiders_only Cat insiders Domain.com OK It’s possible to restrict only 2 mailboxes and do not prevent that the normal mailflow will be cut off? Best Regards David |
|
|
On Sat, Feb 13, 2021 at 08:49:56PM +0100, Dan wrote:
> /etc/postfix/main.cf: > smtpd_recipient_restrictions = > ... > check_recipient_access hash:/etc/postfix/protected_destinations > ...the usual stuff... > > smtpd_restriction_classes = insiders_only > insiders_only = check_sender_access hash:/etc/postfix/insiders, reject > > /etc/postfix/protected_destinations: > [hidden email] insiders_only > [hidden email] insiders_only > > /etc/postfix/insiders: > my.domain OK matches my.domain and subdomains > another.domain OK matches another.domain and subdomains > Which is working, but after creating the hash tables like in this example, other users won’t get new mails from outside. > > All other mails are rejected in the logs with “server configuration error” Fix the "server configuration error" detailed in your logs. -- Viktor. |
|
|
Okay how to solve this?
Here the logs attached. It looks like that postfix don't know to handle other users. If I send from allowed domains which I entered in the protected_destinations it works. If I send a mail from gmail: Feb 13 21:44:06 CGSG postfix/smtpd[8296]: Anonymous TLS connection established from mail-wr1-f49.google.com[209.85.221.49]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 Feb 13 21:44:06 CGSG postfix/smtpd[8296]: warning: unknown smtpd restriction: "smtpd_restriction_classes" Feb 13 21:44:06 CGSG postfix/smtpd[8296]: NOQUEUE: reject: RCPT from mail-wr1-f49.google.com[209.85.221.49]: 451 4.3.5 Server configuration error; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<mail-wr1-f49.google.com> From allowed side it looks like: Feb 13 21:43:21 CGSG postfix/qmgr[8269]: 667C17E0061: from=<[hidden email]>, size=2441, nrcpt=1 (queue active) Feb 13 21:43:21 CGSG cyrus/lmtpchroot[8287]: Delivered: <[hidden email]> to mailbox: domain.net!user.test Any ideas? Best Regards David Faller Am 13.02.21, 21:40 schrieb "Viktor Dukhovni" <[hidden email] im Auftrag von [hidden email]>: On Sat, Feb 13, 2021 at 08:49:56PM +0100, Dan wrote: > /etc/postfix/main.cf: > smtpd_recipient_restrictions = > ... > check_recipient_access hash:/etc/postfix/protected_destinations > ...the usual stuff... > > smtpd_restriction_classes = insiders_only > insiders_only = check_sender_access hash:/etc/postfix/insiders, reject > > /etc/postfix/protected_destinations: > [hidden email] insiders_only > [hidden email] insiders_only > > /etc/postfix/insiders: > my.domain OK matches my.domain and subdomains > another.domain OK matches another.domain and subdomains > Which is working, but after creating the hash tables like in this example, other users won’t get new mails from outside. > > All other mails are rejected in the logs with “server configuration error” Fix the "server configuration error" detailed in your logs. -- Viktor. |
|
|
On Sat, Feb 13, 2021 at 09:56:52PM +0100, Dan wrote:
> It looks like that postfix don't know to handle other users. No, rather you have a syntax error in your main.cf file. > Okay how to solve this? Fix the syntax error. > Here the logs attached. > If I send a mail from gmail: > > Feb 13 21:44:06 CGSG postfix/smtpd[8296]: warning: unknown smtpd restriction: "smtpd_restriction_classes" > Feb 13 21:44:06 CGSG postfix/smtpd[8296]: NOQUEUE: reject: RCPT from mail-wr1-f49.google.com[209.85.221.49]: 451 4.3.5 Server configuration error; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<mail-wr1-f49.google.com> You have "smtpd_restriction_classes" in the wrong place. > > > /etc/postfix/main.cf: > > smtpd_recipient_restrictions = > > ... > > check_recipient_access hash:/etc/postfix/protected_destinations > > ...the usual stuff... > > > > smtpd_restriction_classes = insiders_only > > insiders_only = check_sender_access hash:/etc/postfix/insiders, reject There must be leading whitespace in front of "smtpd_restriction_classes", as you would see if you use "postconf -nf", rather than just pasting the file content. You can see just the problem settings with: # postconf -n | grep smtpd_restriction_classes -- Viktor. |
|
|
Thank you, this solves the issue
Have a nice evening __ Am 13.02.21, 22:12 schrieb "Viktor Dukhovni" <[hidden email] im Auftrag von [hidden email]>: On Sat, Feb 13, 2021 at 09:56:52PM +0100, Dan wrote: > It looks like that postfix don't know to handle other users. No, rather you have a syntax error in your main.cf file. > Okay how to solve this? Fix the syntax error. > Here the logs attached. > If I send a mail from gmail: > > Feb 13 21:44:06 CGSG postfix/smtpd[8296]: warning: unknown smtpd restriction: "smtpd_restriction_classes" > Feb 13 21:44:06 CGSG postfix/smtpd[8296]: NOQUEUE: reject: RCPT from mail-wr1-f49.google.com[209.85.221.49]: 451 4.3.5 Server configuration error; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<mail-wr1-f49.google.com> You have "smtpd_restriction_classes" in the wrong place. > > > /etc/postfix/main.cf: > > smtpd_recipient_restrictions = > > ... > > check_recipient_access hash:/etc/postfix/protected_destinations > > ...the usual stuff... > > > > smtpd_restriction_classes = insiders_only > > insiders_only = check_sender_access hash:/etc/postfix/insiders, reject There must be leading whitespace in front of "smtpd_restriction_classes", as you would see if you use "postconf -nf", rather than just pasting the file content. You can see just the problem settings with: # postconf -n | grep smtpd_restriction_classes -- Viktor. |
«
Return to Postfix Users
|
1 view|%1 views
| Free forum by Nabble | Edit this page |