Recipient restrictions

Recipient restrictions

Dilip Harishchandra
Hello Group,

I want to implement some restrictions on postfix by which it would reject domains without mx records, as well as those specified in access table. These are some domains to which I do not want to send mails at all. My problem is that this setting does not work at all, since the sending IPs are specified in mynetworks. The moment I change the order of the parameters, it starts to reject all mails from all the IPs. Please help me to set the correct order of the parameters in main.cf:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit_inet_interfaces, check_recipient_access hash:/etc/postfix/access, reject_unauth_destination, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rhsbl_sender dsn.rfc-ignorant.org, check_relay_domains

Dilip
Re: Recipient restrictions

Noel Jones-2
On 11/17/2011 12:13 AM, Dilip Mishra // Viva wrote:

> Hello Group,
>
> I want to implement some restrictions on postfix by which it would
> reject domains without mx records, as well as those specified in
> access table. These are some domains to which I do not want to send
> mails at all. My problem is that this setting does not work at all,
> since the sending IPs are specified in mynetworks. The moment I change
> the order of the parameters, it starts to reject all mails from all the
> IPs. Please help me to set the correct order of the parameters in
> main.cf:
>
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, permit_inet_interfaces,
> check_recipient_access hash:/etc/postfix/access,
> reject_unauth_destination, reject_rbl_client list.dsbl.org,
> reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rhsbl_sender dsn.rfc-ignorant.org, check_relay_domains
>
> Dilip


Put restrictions that you want applied to all clients in
smtpd_sender_restrictions, including your check_recipient_access table.

Review your RBL list once in a while.  list.dsbl.org is no longer
operating, most sites should use zen.spamhaus.org rather than
sbl-xbl, and the rfc-ignorant lists are intended for a scoring
system rather than SMTP rejects.

Remove the deprecated check_relay_domains parameter.


Finally, if your configuration isn't working as expected, you need
to show us the non-working config and postfix logs.

If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail



  -- Noel Jones
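
The ordering advice in this reply, as an added example that is not part of the original thread: a simplified Python model of how Postfix walks its restriction lists, showing why an access map placed after permit_mynetworks never applies to trusted clients. The addresses, domains and table contents are constructed, and the lists are reduced to the checks that matter for the ordering.

```python
# Simplified model of how Postfix smtpd walks its restriction lists.
# Within one list the first check that returns a verdict wins; a PERMIT
# ends only that list, while a REJECT refuses the recipient outright.
# Assumes smtpd_delay_reject = yes (the default), so the recipient is
# already known when smtpd_sender_restrictions is evaluated.

MYNETWORKS = {"192.0.2.10"}        # constructed trusted client
LOCAL_DOMAINS = {"example.org"}    # constructed: domains we accept mail for
ACCESS_TABLE = {"blocked.example": "REJECT"}  # stand-in for the access map

def rcpt_domain(session):
    return session["rcpt"].rsplit("@", 1)[1].lower()

def permit_mynetworks(session):
    return "PERMIT" if session["client"] in MYNETWORKS else None

def permit_sasl_authenticated(session):
    return "PERMIT" if session.get("sasl_user") else None

def check_recipient_access(session):
    # Real lookups also try user@domain and parent domains; domain only here.
    return ACCESS_TABLE.get(rcpt_domain(session))

def reject_unauth_destination(session):
    return None if rcpt_domain(session) in LOCAL_DOMAINS else "REJECT"

def evaluate(restriction_lists, session):
    """Return 'REJECT' or 'ACCEPT' for one RCPT TO."""
    for checks in restriction_lists:          # sender list, then recipient list
        for check in checks:
            verdict = check(session)
            if verdict == "REJECT":
                return "REJECT"
            if verdict == "PERMIT":
                break                         # skip the rest of this list only
    return "ACCEPT"

# Layout from the question: the access map sits behind permit_mynetworks.
AS_POSTED = [
    [],                                                   # sender restrictions
    [permit_mynetworks, permit_sasl_authenticated,
     check_recipient_access, reject_unauth_destination],  # recipient restrictions
]
# Layout from the reply: the access map moves to the sender list.
AS_ADVISED = [
    [check_recipient_access],
    [permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination],
]

INTERNAL = {"client": "192.0.2.10", "rcpt": "user@blocked.example"}
```

Calling evaluate(AS_POSTED, INTERNAL) accepts the blocked recipient because permit_mynetworks ends the list first, while evaluate(AS_ADVISED, INTERNAL) rejects it.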
Re: Recipient restrictions

Simon Brereton-2
In reply to this post by Dilip Harishchandra
On 17 November 2011 01:13, Dilip Mishra // Viva
<[hidden email]> wrote:

> Hello Group,
> I want to implement some restrictions on postfix by which it would reject
> domains without mx records, as well as those specified in access table.
> These are some domains to which I do not want to send mails at all. My
> problem is that this setting does not work at all, since the sending IPs are
> specified in mynetworks. The moment I change the order of the parameters, it
> starts to reject all mails from all the IPs. Please help me to set the
> correct order of the parameters in main.cf:
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
> permit_inet_interfaces, check_recipient_access hash:/etc/postfix/access,
> reject_unauth_destination, reject_rbl_client list.dsbl.org,
> reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rhsbl_sender dsn.rfc-ignorant.org, check_relay_domains


I would also suggest that you need permit_sasl_authenticated before
permit_mynetworks.  And reject_unauth_destination should maybe also be
higher up.  And what purpose does your relay_domains serve at the
end?

Simon
Re: Recipient restrictions

Dilip Harishchandra
Thanks for the replies, will try the changes and let you know the issues.

On Thu, Nov 17, 2011 at 8:18 PM, Simon Brereton <[hidden email]> wrote:
> On 17 November 2011 01:13, Dilip Mishra // Viva
> <[hidden email]> wrote:
> > Hello Group,
> > I want to implement some restrictions on postfix by which it would reject
> > domains without mx records, as well as those specified in access table.
> > These are some domains to which I do not want to send mails at all. My
> > problem is that this setting does not work at all, since the sending IPs are
> > specified in mynetworks. The moment I change the order of the parameters, it
> > starts to reject all mails from all the IPs. Please help me to set the
> > correct order of the parameters in main.cf:
> > smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
> > permit_inet_interfaces, check_recipient_access hash:/etc/postfix/access,
> > reject_unauth_destination, reject_rbl_client list.dsbl.org,
> > reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org,
> > reject_rhsbl_sender dsn.rfc-ignorant.org, check_relay_domains
>
> I would also suggest that you need permit_sasl_authenticated before
> permit_mynetworks.  And reject_unauth_destination should maybe also be
> higher up.  And what purpose does your relay_domains serve at the
> end?
>
> Simon



--
In case of any further queries, please feel free to mail me or contact me on the numbers provided below.

Thanks & Regards,
Dilip H.Mishra
Server Administrator

Viva Infomedia Pvt. Ltd.
242, Oshiwara Industrial Centre,
Opp. Oshiwara Bus Depot, New Link Road,
Goregaon West, Mumbai 400104.

Direct: +91.22.4293 0162
Board: +91.22.4293 0100

