Postfix Postfix Users

Verify the proper configuration for blocking/whitelisting a sender.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Joey J
Reply | Threaded
Open this post in threaded view
|

Verify the proper configuration for blocking/whitelisting a sender.

Joey J
Hello All,

Trying to make sure I'm doing this correctly, both at the right point within the mail communications and in the format of my hash file.

smtpd_recipient_restrictions=
   check_sender_access hash:name of file

And within that file have both white & blacklist like so:
1.2.3.4  550 Block-I dont like you
1.5.6.0/24 550 Block I dont like any of you.

--
Thanks!
Joey
Wietse Venema
Reply | Threaded
Open this post in threaded view
|

Re: Verify the proper configuration for blocking/whitelisting a sender.

Wietse Venema
Joey J:
> Hello All,
>
> Trying to make sure I'm doing this correctly, both at the right point
> within the mail communications and in the format of my hash file.
>
> smtpd_recipient_restrictions=
>    check_sender_access hash:name of file

This may be OK, provded that you have reject_unauth_destination or
defer_unauth_destination in your smtpd_relay_restrictions.

> And within that file have both white & blacklist like so:
> youareok.com   OK
> youarebad.com  REJCT
> 1.2.3.4  550 Block-I dont like you
> 1.5.6.0/24 550 Block I dont like any of you.

The last form is supported only with CIDR maps.

smtpd_recipient_restrictions=
   check_sender_access hash:some-file
   check_sender_access cidr:other-file

        Wietse
Joey J
Reply | Threaded
Open this post in threaded view
|

Re: Verify the proper configuration for blocking/whitelisting a sender.

Joey J
Thank you Wietse, not only for replying to this messages and helping but for everything you do!

I will use the CIDR format ( I'm remembering from an older version I believe that didn't exist 2.11.11 ) 
For the domain names and or email addresses do you recommend a better method?
And it's still OK to use the custom message for the block?

Thank you!


On Tue, Oct 27, 2020 at 3:59 PM Wietse Venema <[hidden email]> wrote:
Joey J:
> Hello All,
>
> Trying to make sure I'm doing this correctly, both at the right point
> within the mail communications and in the format of my hash file.
>
> smtpd_recipient_restrictions=
>    check_sender_access hash:name of file

This may be OK, provded that you have reject_unauth_destination or
defer_unauth_destination in your smtpd_relay_restrictions.

> And within that file have both white & blacklist like so:
> youareok.com   OK
> youarebad.com  REJCT
> 1.2.3.4  550 Block-I dont like you
> 1.5.6.0/24 550 Block I dont like any of you.

The last form is supported only with CIDR maps.

smtpd_recipient_restrictions=
   check_sender_access hash:some-file
   check_sender_access cidr:other-file

        Wietse


--
Thanks!
Joey
Benny Pedersen-2
Reply | Threaded
Open this post in threaded view
|

Re: Verify the proper configuration for blocking/whitelisting a sender.

Benny Pedersen-2
In reply to this post by Joey J
Joey J skrev den 2020-10-27 20:44:

> Hello All,
>
> Trying to make sure I'm doing this correctly, both at the right point
> within the mail communications and in the format of my hash file.
>
> smtpd_recipient_restrictions=
>    check_sender_access hash:name of file
>
> And within that file have both white & blacklist like so:
> youareok.com    OK
> youarebad.com  REJCT
> 1.2.3.4  550 Block-I dont like you
> 1.5.6.0/24 550 Block I dont like any of you.

hash does not support cidr mapping

check sender is only test sender domains with valid local part,

so seperate matching in seperate check foo access with seperatly maps

remember each check foo access is checked in order of listning
Benny Pedersen-2
Reply | Threaded
Open this post in threaded view
|

Re: Verify the proper configuration for blocking/whitelisting a sender.

Benny Pedersen-2
In reply to this post by Wietse Venema
Wietse Venema skrev den 2020-10-27 20:58:

> smtpd_recipient_restrictions=
>    check_sender_access hash:some-file
>    check_sender_access cidr:other-file

would it not be

check_client_access for the cidr map ?
Joey J
Reply | Threaded
Open this post in threaded view
|

Re: Verify the proper configuration for blocking/whitelisting a sender.

Joey J
I'm not sure, that's why I wanted to verify, I haven't used postfix since 2.11 so I have to get back into the details.


On Tue, Oct 27, 2020 at 4:15 PM Benny Pedersen <[hidden email]> wrote:
Wietse Venema skrev den 2020-10-27 20:58:

> smtpd_recipient_restrictions=
>    check_sender_access hash:some-file
>    check_sender_access cidr:other-file

would it not be

check_client_access for the cidr map ?


--
Thanks!
Joey
Matus UHLAR - fantomas
Reply | Threaded
Open this post in threaded view
|

Re: Verify the proper configuration for blocking/whitelisting a sender.

Matus UHLAR - fantomas
>> Wietse Venema skrev den 2020-10-27 20:58:
>> > smtpd_recipient_restrictions=
>> >    check_sender_access hash:some-file
>> >    check_sender_access cidr:other-file

>On Tue, Oct 27, 2020 at 4:15 PM Benny Pedersen <[hidden email]> wrote:
>> would it not be
>>
>> check_client_access for the cidr map ?

On 27.10.20 16:27, Joey J wrote:
>I'm not sure, that's why I wanted to verify, I haven't used postfix since
>2.11 so I have to get back into the details.

it would, as Benny said in another mail

check_sender_access checks mail from: address
check_client_access checks client's IP address
- note the cidr vs hash.

- you can replace 1.5.6.0/24 by 1.5.6 in hash maps but cidr is more comfort



--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]
Free forum by Nabble Edit this page