I want a single account to only accept NDRs. Other email should be rejected.
Would the following work correctly? smtpd_recipient_restrictions: ... check_recipient_access hash:/etc/postfix/receieve_only ... /etc/postfix/receieve_only: [hidden email] check_sender_access hash:/etc/postfix/ndr_senders /etc/postfix/ndr_senders: <> OK * REJECT This mailbox is not available. Brian |
Brian Evans - Postfix List wrote:
> I want a single account to only accept NDRs. Other email should be > rejected. > > Would the following work correctly? > > smtpd_recipient_restrictions: > ... > check_recipient_access hash:/etc/postfix/receieve_only > ... > > /etc/postfix/receieve_only: > [hidden email] check_sender_access hash:/etc/postfix/ndr_senders > > > /etc/postfix/ndr_senders: > > <> OK > * REJECT This mailbox is not available. > Your logic is correct, but hash: maps don't support a wildcard entry. Use a regexp: or pcre: map type instead. /^<>$/ OK /^/ REJECT mailbox not available -- Noel Jones |
Noel Jones wrote:
> Brian Evans - Postfix List wrote: >> I want a single account to only accept NDRs. Other email should be >> rejected. >> >> Would the following work correctly? >> >> smtpd_recipient_restrictions: >> ... >> check_recipient_access hash:/etc/postfix/receieve_only >> ... >> >> /etc/postfix/receieve_only: >> [hidden email] check_sender_access >> hash:/etc/postfix/ndr_senders >> >> >> /etc/postfix/ndr_senders: >> >> <> OK >> * REJECT This mailbox is not available. >> > > Your logic is correct, but hash: maps don't support a wildcard entry. > Use a regexp: or pcre: map type instead. > /^<>$/ OK > /^/ REJECT mailbox not available > advice? mail_version = 2.4.6 postconf -n: alias_maps = hash:/etc/postfix/aliases, hash:/var/lib/mailman/data/aliases, proxy:mysql:/etc/postfix/mysql-virtual-aliases.cf append_dot_mydomain = no biff = no body_checks = regexp:/etc/postfix/body_checks bounce_size_limit = 1 config_directory = /etc/postfix disable_vrfy_command = yes header_checks = pcre:/etc/postfix/header_checks home_mailbox = .maildir/ inet_interfaces = localhost, example.com message_size_limit = 20480000 mydestination = $myhostname, localhost.$mydomain, $mydomain myhostname = mx1.example.com mynetworks = !192.168.123.4, 192.168.123.0/24, 127.0.0.0/8 myorigin = $mydomain parent_domain_matches_subdomains = proxy_interfaces = 69.48.33.25 smtpd_authorized_xclient_hosts = localhost smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname smtpd_milters = unix:/var/amavis/amavisd-milter.sock smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/receieve_only, check_recipient_access hash:/etc/postfix/reject_old_redirect, reject_unlisted_recipient, reject_non_fqdn_recipient, check_client_access cidr:/etc/postfix/postfix-dnswl-permit, reject_unknown_client_hostname, check_policy_service inet:127.0.0.1:12525, check_recipient_access pcre:/etc/postfix/sender_access.pcre smtpd_restriction_classes = ndr_only smtpd_sender_restrictions = permit_mynetworks, check_sender_access pcre:/etc/postfix/sender_access.pcre, check_sender_access hash:/etc/postfix/blacklisted_senders smtpd_tls_CAfile = /etc/postfix/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/newcert.pem smtpd_tls_key_file = /etc/postfix/newkey.pem smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s swap_bangpath = no transport_maps = hash:/etc/postfix/transport virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf ndr_only = check_recipient_access hash:/etc/postfix/ndr_senders,reject $ cat /etc/postfix/ndr_senders <> OK $ cat /etc/postfix/receieve_only [hidden email] ndr_only Log: Aug 20 12:36:41 mx1 postfix/smtpd[7408]: NOQUEUE: reject: RCPT from raven.securenet-server.net[207.45.186.82]: 554 5.7.1 <[hidden email]>: Recipient address rejected: Access denied; from=<> to=<[hidden email]> proto=SMTP helo=<raven.securenet-server.net> |
Brian Evans - Postfix List wrote:
> Noel Jones wrote: >> Brian Evans - Postfix List wrote: >>> I want a single account to only accept NDRs. Other email should be >>> rejected. >>> >>> Would the following work correctly? >>> >>> smtpd_recipient_restrictions: >>> ... >>> check_recipient_access hash:/etc/postfix/receieve_only >>> ... >>> >>> /etc/postfix/receieve_only: >>> [hidden email] check_sender_access >>> hash:/etc/postfix/ndr_senders >>> >>> >>> /etc/postfix/ndr_senders: >>> >>> <> OK >>> * REJECT This mailbox is not available. >>> >> Your logic is correct, but hash: maps don't support a wildcard entry. >> Use a regexp: or pcre: map type instead. >> /^<>$/ OK >> /^/ REJECT mailbox not available >> > I've tried to implement this and it does not seem to work properly. Any > advice? > > mail_version = 2.4.6 > > postconf -n: > alias_maps = hash:/etc/postfix/aliases, > hash:/var/lib/mailman/data/aliases, > proxy:mysql:/etc/postfix/mysql-virtual-aliases.cf > append_dot_mydomain = no > biff = no > body_checks = regexp:/etc/postfix/body_checks > bounce_size_limit = 1 > config_directory = /etc/postfix > disable_vrfy_command = yes > header_checks = pcre:/etc/postfix/header_checks > home_mailbox = .maildir/ > inet_interfaces = localhost, example.com > message_size_limit = 20480000 > mydestination = $myhostname, localhost.$mydomain, $mydomain > myhostname = mx1.example.com > mynetworks = !192.168.123.4, 192.168.123.0/24, 127.0.0.0/8 > myorigin = $mydomain > parent_domain_matches_subdomains = > proxy_interfaces = 69.48.33.25 > smtpd_authorized_xclient_hosts = localhost > smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining > smtpd_helo_required = yes > smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname > smtpd_milters = unix:/var/amavis/amavisd-milter.sock > smtpd_recipient_restrictions = permit_mynetworks, > reject_unauth_destination, check_recipient_access > hash:/etc/postfix/receieve_only, check_recipient_access > hash:/etc/postfix/reject_old_redirect, reject_unlisted_recipient, > reject_non_fqdn_recipient, check_client_access > cidr:/etc/postfix/postfix-dnswl-permit, reject_unknown_client_hostname, > check_policy_service inet:127.0.0.1:12525, check_recipient_access > pcre:/etc/postfix/sender_access.pcre > smtpd_restriction_classes = ndr_only > smtpd_sender_restrictions = permit_mynetworks, check_sender_access > pcre:/etc/postfix/sender_access.pcre, check_sender_access > hash:/etc/postfix/blacklisted_senders > smtpd_tls_CAfile = /etc/postfix/cacert.pem > smtpd_tls_auth_only = yes > smtpd_tls_cert_file = /etc/postfix/newcert.pem > smtpd_tls_key_file = /etc/postfix/newkey.pem > smtpd_tls_received_header = yes > smtpd_tls_security_level = may > smtpd_tls_session_cache_timeout = 3600s > swap_bangpath = no > transport_maps = hash:/etc/postfix/transport > virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf > > > ndr_only = check_recipient_access hash:/etc/postfix/ndr_senders,reject That needs to be check_sender_access -- Noel Jones > > $ cat /etc/postfix/ndr_senders > <> OK > > $ cat /etc/postfix/receieve_only > [hidden email] ndr_only > > Log: > Aug 20 12:36:41 mx1 postfix/smtpd[7408]: NOQUEUE: reject: RCPT from > raven.securenet-server.net[207.45.186.82]: 554 5.7.1 > <[hidden email]>: Recipient address rejected: Access denied; > from=<> to=<[hidden email]> proto=SMTP > helo=<raven.securenet-server.net> > |
In reply to this post by Brian Evans - Postfix List
Brian Evans - Postfix List wrote:
> [snip] > > ndr_only = check_recipient_access hash:/etc/postfix/ndr_senders,reject > if you want to check the recipient, rename your map. if you want to check the sender, rename your check. > $ cat /etc/postfix/ndr_senders > <> OK This will never match a recipient. > > $ cat /etc/postfix/receieve_only > [hidden email] ndr_only > > Log: > Aug 20 12:36:41 mx1 postfix/smtpd[7408]: NOQUEUE: reject: RCPT from > raven.securenet-server.net[207.45.186.82]: 554 5.7.1 > <[hidden email]>: Recipient address rejected: Access denied; > from=<> to=<[hidden email]> proto=SMTP > helo=<raven.securenet-server.net> [hidden email] is not listed in ndr_senders, so it doesn't get an OK. |
mouss wrote:
> Brian Evans - Postfix List wrote: >> [snip] >> >> ndr_only = check_recipient_access hash:/etc/postfix/ndr_senders,reject >> > > if you want to check the recipient, rename your map. > if you want to check the sender, rename your check. > >> $ cat /etc/postfix/ndr_senders >> <> OK > > This will never match a recipient. > >> >> $ cat /etc/postfix/receieve_only >> [hidden email] ndr_only >> >> Log: >> Aug 20 12:36:41 mx1 postfix/smtpd[7408]: NOQUEUE: reject: RCPT from >> raven.securenet-server.net[207.45.186.82]: 554 5.7.1 >> <[hidden email]>: Recipient address rejected: Access denied; >> from=<> to=<[hidden email]> proto=SMTP >> helo=<raven.securenet-server.net> > > [hidden email] is not listed in ndr_senders, so it doesn't get > an OK. > Thanks Noel and mouss. Answers are always staring me in the face and it takes someone else to make sense of it. Brian |
Free forum by Nabble | Edit this page |