Sender dependent relay: Reject unknown senders

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Sender dependent relay: Reject unknown senders

Michael Büker
Hello, list!

My setup is this: I use postfix to relay mail to external SMTP servers
(of ISP, employer etc.) according to sender_dependent_relayhost_maps.
This works with multiple "From: " identities set by various MUAs. Local
delivery to dovecot is also set up for mail from cron etc. All this
works fine.

postconf -n:
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
compatibility_level = 2
inet_protocols = ipv4
local_recipient_maps =
mailbox_command = /usr/libexec/dovecot/dovecot-lda
mydestination = <redacted>
myhostname = <redacted>
mynetworks_style = host
sender_dependent_relayhost_maps = hash:/etc/auth/postfix-relayhosts
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/auth/postfix-logindata
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_mandatory_ciphers = high
smtp_tls_security_level = encrypt

master.cf (head):
127.0.0.1:25      inet  n       -       n       -       -       smtpd
   -o syslog_name=postfix/localhost

My problem is: Sometimes, a client may provide a "From: " identity
that's not represented in sender_dependent_relayhost_maps, because of a
typo, wrong setting or something. postfix then does not relay the mail,
but attempts to deliver it directly to the receiver domain's MX. This
gets me in all sorts of trouble, because without SMTP relay, I'm just a
loser on a dynamic IP. Receiver MX servers reject my mail, block my IP
and so on.

Here's two alternate ideas of how I would like postfix to behave
instead:

1. Postfix should reject all mail that doesn't have a "From: " identity
associated with a relayhost in sender_dependent_relayhost_maps.

2. Postfix should *only* relay through one of the hosts in
sender_dependent_relayhost_maps (or deliver locally), and *never* try to
deliver directly to some external domain's MX.

How could I achieve this behavior?

Thanks for your time!
Michael
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Sender dependent relay: Reject unknown senders

Michael Büker
Hi list,

sorry to bump myself here, but can anyone say if what I'd like is even
possible with postfix?

Should this be a feature request to the devs, maybe?

Thanks :)
Michael

On 18.07.2017 13:02, Michael Büker wrote:

> Here's two alternate ideas of how I would like postfix to behave
> instead:
>
> 1. Postfix should reject all mail that doesn't have a "From: "
> identity associated with a relayhost in
> sender_dependent_relayhost_maps.
>
> 2. Postfix should *only* relay through one of the hosts in
> sender_dependent_relayhost_maps (or deliver locally), and *never* try
> to deliver directly to some external domain's MX.
>
> How could I achieve this behavior?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Sender dependent relay: Reject unknown senders

/dev/rob0
On Fri, Jul 21, 2017 at 10:36:47PM +0200, Michael Büker wrote:
> sorry to bump myself here, but can anyone say if what I'd like is
> even possible with postfix?

Of course.

> Should this be a feature request to the devs, maybe?

If so that would be done here also.

> On 18.07.2017 13:02, Michael Büker wrote:
> >Here's two alternate ideas of how I would like postfix to behave
> >instead:
> >
> >1. Postfix should reject all mail that doesn't have a "From: "
> >identity associated with a relayhost in
> >sender_dependent_relayhost_maps.

You'd want a check_sender_access restriction lookup against the
sender address list.

A nice way to keep such a list in one file would be a sqlite
database.  For the restriction it would simply return "OK":

[ main.cf ]

[ ... ]
sender_dependent_relayhost_maps =
        sqlite:/path/to/sender/relay-query
smtpd_sender_restrictions = check_sender_access
        sqlite:/path/to/sender/access-query, reject

The sender_dependent_relayhost_maps query would use the same sqlite
backend and same basic query, but the access query would have a
"result_format = OK".

(You can use any lookup table type you want, I am merely making a
suggestion in the interest of having all the data in one place.)

> >2. Postfix should *only* relay through one of the hosts in
> >sender_dependent_relayhost_maps (or deliver locally), and *never*
> >try to deliver directly to some external domain's MX.

That one could be done with "default_transport = error:not allowed"
and replacing sender_dependent_relayhost_maps with
sender_dependent_default_transport_maps.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Sender dependent relay: Reject unknown senders

Michael Büker
Thank you rob0, I decided to go with your second suggestion:

> > > 2. Postfix should *only* relay through one of the hosts in
> > > sender_dependent_relayhost_maps (or deliver locally), and *never*
> > > try to deliver directly to some external domain's MX.
>
> That one could be done with "default_transport = error:not allowed"
> and replacing sender_dependent_relayhost_maps with
> sender_dependent_default_transport_maps.

This works as intended. After reading a bit more about error(8) and DSN
codes, I decided to go with a verbose error message I can recognize:

default_transport = error:5.1.8 no relay for this sender address

For reasons I don't fully understand, postfix' smtpd maps the return DSN
from 5.1.8 to 5.1.2, but that's not a concern to me.

Thanks again for your time,
Michael
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Sender dependent relay: Reject unknown senders

Wietse Venema
Michael B?ker:

> Thank you rob0, I decided to go with your second suggestion:
>
> > > > 2. Postfix should *only* relay through one of the hosts in
> > > > sender_dependent_relayhost_maps (or deliver locally), and *never*
> > > > try to deliver directly to some external domain's MX.
> >
> > That one could be done with "default_transport = error:not allowed"
> > and replacing sender_dependent_relayhost_maps with
> > sender_dependent_default_transport_maps.
>
> This works as intended. After reading a bit more about error(8) and DSN
> codes, I decided to go with a verbose error message I can recognize:
>
> default_transport = error:5.1.8 no relay for this sender address
>
> For reasons I don't fully understand, postfix' smtpd maps the return DSN
> from 5.1.8 to 5.1.2, but that's not a concern to me.

The SMTP server error response says:

    recipient address rejected (plus your free text)

Therefore the DSN code is that for recipient. It's not clever
enough to understand your free text.

To avoid conversion, specify 5.0.0.

        Wietse

> Thanks again for your time,
> Michael
>
Loading...