Using check_sender_access and check_recipient_access

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Using check_sender_access and check_recipient_access

Taisto Qvist
Hi folks,

I am using the following two restrictions in my main.cf (in
smtpd_recipient_restrictions),
for postfix 2.5.

"check_sender_access hash:/etc/postfix/access"
and
"check_recipient_access hash:/etc/postfix/disallowed"

Shouldnt the line in /etc/postfix/access:

".se                             OK"

...auto-allow ALL traffic from <anydomain>.se?

Doing "postmap -q .se /etc/postfix/access" will return "OK" so it seems
to be stored properly,
but I am still receiving rejections from rules later in
smtpd_recipient_restrictions.

The file hash:/etc/postfix/disallowed contains(for instance)

nyhetsbrev@     REJECT  This address is only usable by internal systems.

Now, I just found a rejection in my log, because the sender had the
address [hidden email],
but the receiver was just a plain user in our domain.
Shouldnt check_recipient_access only check the receiver data, not sender??

May 26 20:38:09 mta postfix/smtpd[17982]: NOQUEUE: reject: RCPT from
server.levonline.com[217.x.x.x]:
554 5.7.1 <[hidden email]>: Sender address rejected: This is
only for internal ip-solutions usage;
from=<[hidden email]> to=<[hidden email]>
proto=ESMTP helo=<server.levonline.com>

If you could tell me what I am doing wrong, I'd much appreciate it!

Kind Regards
Taisto Qvist
Ip-Solutions.se

Reply | Threaded
Open this post in threaded view
|

Re: Using check_sender_access and check_recipient_access

Magnus Bäck
On Tuesday, May 27, 2008 at 08:34 CEST,
     Taisto Qvist <[hidden email]> wrote:

> I am using the following two restrictions in my main.cf (in
> smtpd_recipient_restrictions),
> for postfix 2.5.
>
> "check_sender_access hash:/etc/postfix/access"
> and
> "check_recipient_access hash:/etc/postfix/disallowed"
>
> Shouldnt the line in /etc/postfix/access:
>
> ".se                             OK"
>
> ...auto-allow ALL traffic from <anydomain>.se?

Only if smtpd_access_maps is NOT listed in
parent_domain_matches_subdomains, assuming that
the check_recipient_access restriction is suitably
placed of course. See access(5).

> Doing "postmap -q .se /etc/postfix/access" will return "OK" so it seems
> to be stored properly,
> but I am still receiving rejections from rules later in
> smtpd_recipient_restrictions.
>
> The file hash:/etc/postfix/disallowed contains(for instance)
>
> nyhetsbrev@     REJECT  This address is only usable by internal systems.
>
> Now, I just found a rejection in my log, because the sender had the
> address [hidden email],
> but the receiver was just a plain user in our domain.
> Shouldnt check_recipient_access only check the receiver data, not sender??

Correct.

> May 26 20:38:09 mta postfix/smtpd[17982]: NOQUEUE: reject: RCPT from
> server.levonline.com[217.x.x.x]:
> 554 5.7.1 <[hidden email]>: Sender address rejected: This is
> only for internal ip-solutions usage;
> from=<[hidden email]> to=<[hidden email]>
> proto=ESMTP helo=<server.levonline.com>

Show "postconf -n" output.

--
Magnus Bäck
[hidden email]