What does check_sender_access checks?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

What does check_sender_access checks?

rdquiterio
Hi;

I made a filter to let postfix relay messages from specific senders. I
tested the filter via telnet (mail from: rcpt to: data …) on the postfix
server and it was doing ok.

But, after deployment, the filter is failing and I suppose that it may be
due to the Return-Path field on the "real" message.

Any clue? Thank you.

This is on my main.cf:

smtpd_relay_restrictions =
   reject_unauth_pipelining,
   reject_non_fqdn_recipient,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   check_sender_access hash:/etc/postfix/senders,
   check_recipient_access hash:/etc/postfix/users_internet_mail,
   reject


And this is on the "real" message:

.
.
.

From: <[hidden email]>
To: <[hidden email]>
.
.
.

Return-Path:
[hidden email]






--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Reply | Threaded
Open this post in threaded view
|

Re: What does check_sender_access checks?

Dominic Raferd


On Tue, 21 Jan 2020 at 12:54, rdquiterio <[hidden email]> wrote:
Hi;

I made a filter to let postfix relay messages from specific senders. I
tested the filter via telnet (mail from: rcpt to: data …) on the postfix
server and it was doing ok.

But, after deployment, the filter is failing and I suppose that it may be
due to the Return-Path field on the "real" message.

Any clue? Thank you.

This is on my main.cf:

smtpd_relay_restrictions =
   reject_unauth_pipelining,
   reject_non_fqdn_recipient,
   reject_invalid_hostname,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   check_sender_access hash:/etc/postfix/senders,
   check_recipient_access hash:/etc/postfix/users_internet_mail,
   reject


And this is on the "real" message:

.
.
.

From: <[hidden email]>
To: <[hidden email]>
.
.
.

Return-Path:
[hidden email]

check_sender_access checks against the envelope sender (i.e. the return-path), not the 'From:' header. If you want to check the 'From:' header, use header_checks.
Reply | Threaded
Open this post in threaded view
|

Re: What does check_sender_access checks?

rdquiterio
Ok.

In this case the Return-Path is kinda random, so there's no use to it.

On the other hand, looking to the headers_checks examples I cannot see how
could I allow all mail from a specific "Mail From:" to be relayed?

Is it possible?

Thank you.



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Reply | Threaded
Open this post in threaded view
|

Re: What does check_sender_access checks?

Matus UHLAR - fantomas
On 21.01.20 07:08, rdquiterio wrote:
>In this case the Return-Path is kinda random, so there's no use to it.

return-path is header where the MDA uses to store original envelope from,
but usually not a real header.

>On the other hand, looking to the headers_checks examples I cannot see how
>could I allow all mail from a specific "Mail From:" to be relayed?
>
>Is it possible?

no.  the "mail from:" is not a header, but an envelope from address, so you
must use check_sender_access instead.

However, you should not allow relaying based on envelope from address.
Maybe on SMTP authentication or source IP address.

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
Reply | Threaded
Open this post in threaded view
|

Re: What does check_sender_access checks?

rdquiterio
Ok.

Thank you very much, Dominic.



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html