Hi all,
I succeeded in limiting some local users to sending mail only to my local domain, but I would also like to limit the mail these users receive to mail from local users ONLY, no mail from the internet (other domains).

Here is my current Postfix config:

/etc/postfix/main.cf:
...
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders
    permit_mynetworks
    reject_unauth_destination
    reject_unknown_sender_domain
    permit
smtpd_restriction_classes = local_only
local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
...

/etc/postfix/restricted_senders:
...
[hidden email] addr_class_1
[hidden email] addr_class_1
[hidden email] addr_class_1
[hidden email] addr_class_1
...

/etc/postfix/local_domains:
mjc-idf.asso.fr OK
gw.mjc-idf.asso.fr OK

/etc/postfix/addr_class_1:
mjc-idf.asso.fr OK

--------------------------------------

What do I have to add to restrict the received mail to only the local domain for these users?

Thanks in advance for your help.

Sam.

--
Sam Przyswa - Project manager
Email: [hidden email]
Arial Concept - Internet integrator
36, rue de Turin - 75008 - Paris - France
Tel: 01 40 54 86 04 - Fax: 01 40 54 83 01
Private fax: 09 57 12 27 22
Skype ID: arial-concept
Web: http://www.arial-concept.com
Sam Przyswa wrote:
> Hi all,
>
> I succeeded in limiting some local users to sending mail only to my local
> domain, but I would also like to limit the mail these users receive to
> mail from local users ONLY, no mail from the internet (other domains).
>
> Here is my current Postfix config:
>
> /etc/postfix/main.cf:
> ...
> smtpd_recipient_restrictions = check_sender_access
> hash:/etc/postfix/restricted_senders

this is wrong. see below.

> permit_mynetworks
> reject_unauth_destination
> reject_unknown_sender_domain
> permit
> smtpd_restriction_classes = local_only
> local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
> ...
>
> /etc/postfix/restricted_senders:
> ...
> [hidden email] addr_class_1
> [hidden email] addr_class_1
> [hidden email] addr_class_1
> [hidden email] addr_class_1
> ...
>
> /etc/postfix/local_domains:
> mjc-idf.asso.fr OK
> gw.mjc-idf.asso.fr OK
>
> /etc/postfix/addr_class_1:
> mjc-idf.asso.fr OK
>

now, you are an open relay. any attacker who sends you mail from an address @mjc-idf... can use your system as a relay.

never ever return OK in smtpd_recipient_restrictions before reject_unauth_destination based on information that the sender can forge. this includes sender and helo.

use the following instead

smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/restricted_senders

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    reject_unknown_sender_domain

an OK in smtpd_sender_restrictions will not skip smtpd_recipient_restrictions, so no open relay.

> --------------------------------------
>
> What do I have to add to restrict the received mail to only the local
> domain for these users?
>

not clear what you mean by "from local domain"? ("domain" is ambiguous: is it the domain of the IP? is it the domain in the sender address?).

if you only want mail from mynetworks, simply do

smtpd_recipient_restrictions =
    permit_mynetworks
    reject

if you want something else, please explain the real problem you are trying to solve (explain your setup). if you feel more comfortable with french, contact me offlist and I'll summarize here.
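
Added example, not part of the thread and not Postfix code: a small Python model of the evaluation order described in the reply above, showing why an OK from a sender lookup placed before reject_unauth_destination lets a forged sender relay, and why the same lookup in smtpd_sender_restrictions does not. Assumptions: the sender lookup returns OK for any @mjc-idf.asso.fr sender (as the reply describes), reject_unknown_sender_domain is left out because it needs DNS, and all client IPs and addresses are constructed.

```python
# Simplified model of Postfix smtpd access-list evaluation (illustrative only).
MYNETWORKS = {"192.0.2.10"}          # constructed client IP inside $mynetworks
LOCAL_DOMAINS = {"mjc-idf.asso.fr"}  # domains this server is final destination for
SENDER_OK = {"mjc-idf.asso.fr"}      # assumed: sender lookup returns OK for these

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check_sender_access(s):
    # Decision based on the envelope sender, which the client chooses freely.
    return "OK" if domain(s["sender"]) in SENDER_OK else "DUNNO"

def permit_mynetworks(s):
    return "OK" if s["client"] in MYNETWORKS else "DUNNO"

def reject_unauth_destination(s):
    return "DUNNO" if domain(s["rcpt"]) in LOCAL_DOMAINS else "REJECT"

def run_list(restrictions, s):
    """First OK or REJECT ends this list only; DUNNO falls through."""
    for restriction in restrictions:
        result = restriction(s)
        if result != "DUNNO":
            return result
    return "OK"  # end of list reached: implicit permit

def accept(config, s):
    """A REJECT in any list rejects; an OK never skips the other list."""
    return all(run_list(config[stage], s) != "REJECT"
               for stage in ("sender", "recipient"))

# Layout from the first message: sender lookup inside the recipient list.
ORIGINAL = {"sender": [],
            "recipient": [check_sender_access, permit_mynetworks,
                          reject_unauth_destination]}
# Layout from the reply: sender lookup moved to its own list.
CORRECTED = {"sender": [check_sender_access],
             "recipient": [permit_mynetworks, reject_unauth_destination]}

# Constructed SMTP sessions.
FORGED_RELAY = {"client": "203.0.113.7", "sender": "anyone@mjc-idf.asso.fr",
                "rcpt": "victim@example.net"}
INBOUND = {"client": "203.0.113.7", "sender": "friend@example.org",
           "rcpt": "user@mjc-idf.asso.fr"}
LOCAL_OUT = {"client": "192.0.2.10", "sender": "user@mjc-idf.asso.fr",
             "rcpt": "someone@example.net"}

if __name__ == "__main__":
    for name, s in [("forged relay", FORGED_RELAY), ("inbound", INBOUND),
                    ("local outbound", LOCAL_OUT)]:
        print(name, "original:", accept(ORIGINAL, s),
              "corrected:", accept(CORRECTED, s))
```
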
mouss wrote:
> Sam Przyswa wrote:
>> Hi all,
>>
>> I succeeded in limiting some local users to sending mail only to my local
>> domain, but I would also like to limit the mail these users receive to
>> mail from local users ONLY, no mail from the internet (other domains).
>>
>> Here is my current Postfix config:
>>
>> /etc/postfix/main.cf:
>> ...
>> smtpd_recipient_restrictions = check_sender_access
>> hash:/etc/postfix/restricted_senders
>
> this is wrong. see below.
>
>> permit_mynetworks
>> reject_unauth_destination
>> reject_unknown_sender_domain
>> permit
>> smtpd_restriction_classes = local_only
>> local_only = check_recipient_access hash:/etc/postfix/local_domains,
>> reject
>> ...
>>
>> /etc/postfix/restricted_senders:
>> ...
>> [hidden email] addr_class_1
>> [hidden email] addr_class_1
>> [hidden email] addr_class_1
>> [hidden email] addr_class_1
>> ...
>>
>> /etc/postfix/local_domains:
>> mjc-idf.asso.fr OK
>> gw.mjc-idf.asso.fr OK
>>
>> /etc/postfix/addr_class_1:
>> mjc-idf.asso.fr OK
>>
>
> now, you are an open relay. any attacker who sends you mail from an
> address @mjc-idf... can use your system as a relay.
>
> never ever return OK in smtpd_recipient_restrictions before
> reject_unauth_destination based on information that the sender can
> forge. this includes sender and helo.
>
> use the following instead
>
> smtpd_sender_restrictions =
>     check_sender_access hash:/etc/postfix/restricted_senders
>
> smtpd_recipient_restrictions =
>     permit_mynetworks
>     reject_unauth_destination
>     reject_unknown_sender_domain
>
> an OK in smtpd_sender_restrictions will not skip
> smtpd_recipient_restrictions, so no open relay.

Argh #@! Thanks a lot!

>> --------------------------------------
>>
>> What do I have to add to restrict the received mail to only the local
>> domain for these users?
>>
>
> not clear what you mean by "from local domain"? ("domain" is
> ambiguous: is it the domain of the IP? is it the domain in the sender
> address?).

I need the users below (in restricted_senders) to not receive mail from the internet, from any domain other than mjc-idf.asso.fr, and only from $mynetworks.

> if you only want mail from mynetworks, simply do
>
> smtpd_recipient_restrictions =
>     permit_mynetworks
>     reject
>

Yes, but for all other users I have to receive mail from the internet, the local domain and $mynetworks.

Thanks again.

Sam.