accept mail for a specified, unknown domain?

accept mail for a specified, unknown domain?

mangoo
I have a trusted site which sends emails with an unknown sender address,
say, [hidden email]. I would like to accept emails which are sent from
that domain.

Right now, my settings reject senders with an unknown domain:

smtpd_sender_restrictions = permit_sasl_authenticated,
                             reject_unknown_sender_domain,
                             reject_non_fqdn_sender


I tried adding this line to smtpd_sender_restrictions:

    check_client_access hash:/etc/postfix/access,

and adding either of the lines to the access file (+ running postmap):

[hidden email] OK
example.tld OK

Which didn't work - still, I get "Sender address rejected: Domain not
found".


Where can I allow one specified, unknown domain?


--
Tomasz Chmielewski
http://wpkg.org


Re: accept mail for a specified, unknown domain?

mangoo
Tomasz Chmielewski wrote:

> I have a trusted site which sends emails with an unknown sender address,
> say, [hidden email]. I would like to accept emails which are sent from
> that domain.
>
> Right now, my settings reject senders with an unknown domain:
>
> smtpd_sender_restrictions = permit_sasl_authenticated,
>                             reject_unknown_sender_domain,
>                             reject_non_fqdn_sender
>
>
> I tried adding this line to smtpd_sender_restrictions:
>
>    check_client_access hash:/etc/postfix/access,
>
> and adding either of the lines to the access file (+ running postmap):
>
> [hidden email] OK
> example.tld OK
>
> Which didn't work - still, I get "Sender address rejected: Domain not
> found".

I noticed that it works as I expected if I add just:

     hash:/etc/postfix/access,

and not:

     check_client_access hash:/etc/postfix/access,

to smtpd_sender_restrictions.


In that case, http://www.postfix.org/uce.html#smtpd_sender_restrictions
is a bit confusing. Could anyone clarify it a bit, and the difference
between the two syntaxes?


--
Tomasz Chmielewski
http://wpkg.org

Re: accept mail for a specified, unknown domain?

Victor Duchovni
On Thu, Jul 17, 2008 at 10:49:27AM +0200, Tomasz Chmielewski wrote:

> I noticed that it works as I expected if I add just:
>
>     hash:/etc/postfix/access,
>
> and not:
>
>     check_client_access hash:/etc/postfix/access,
>
> to smtpd_sender_restrictions.

No, it does not work, because the implicit table check in that context is
"check_sender_access" not "check_client_access" (which is the default
for smtpd_client_restrictions).

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

implicit table checks (was: Re: accept mail for a specified, unknown domain?)

Markus Schönhaber-16
Victor Duchovni wrote:

> No, it does not work, because the implicit table check in that context is
> "check_sender_access" not "check_client_access" (which is the default
> for smtpd_client_restrictions).

I have seen such plain type:table checks in a postfix system I've
inherited and that was set up by someone else, therefore I knew they
were syntactically correct. But I've not managed to find the place in
the documentation that says it is allowed to use type:table as a
restriction and what this would effectively mean in the different
restriction contexts.
Did I simply miss the relevant part of the docs? If so, could you please
point me to it?

Regards
  mks

Re: accept mail for a specified, unknown domain?

mangoo
In reply to this post by Victor Duchovni
Victor Duchovni wrote:

> On Thu, Jul 17, 2008 at 10:49:27AM +0200, Tomasz Chmielewski wrote:
>
>> I noticed that it works as I expected if I add just:
>>
>>     hash:/etc/postfix/access,
>>
>> and not:
>>
>>     check_client_access hash:/etc/postfix/access,
>>
>> to smtpd_sender_restrictions.
>
> No, it does not work, because the implicit table check in that context is
> "check_sender_access" not "check_client_access" (which is the default
> for smtpd_client_restrictions).

IMO check_client_access is not explained well enough on
http://www.postfix.org/spam.html#smtpd_sender_restrictions - the
description redirects to another page, where smtpd_client_restrictions
is discussed.


So using either:

smtpd_sender_restrictions =
             check_sender_access hash:/etc/postfix/access,

or:

smtpd_sender_restrictions =
             hash:/etc/postfix/access,

seems to have the same effect? At least my testing indicates so (and
http://www.postfix.org/spam.html#smtpd_client_restrictions implies).
In that case, the first form is more clear.


Bonus question - is it possible to accept a given unknown domain from a
specified IP address only?

Say, accept non-existing @example.tld sent from 10.1.1.1, but reject
@second_non_existing.example sent from that same 10.1.1.1?



--
Tomasz Chmielewski
http://wpkg.org

Re: implicit table checks (was: Re: accept mail for a specified, unknown domain?)

Wietse Venema
In reply to this post by Markus Schönhaber-16
Markus Schönhaber:

> Victor Duchovni wrote:
>
> > No, it does not work, because the implicit table check in that context is
> > "check_sender_access" not "check_client_access" (which is the default
> > for smtpd_client_restrictions).
>
> I have seen such plain type:table checks in a postfix system I've
> inherited and that was set up by someone else, therefore I knew they
> were syntactically correct. But I've not managed to find the place in
> the documentation that says it is allowed to use type:table as a
> restriction and what this would effectively mean in the different
> restriction contexts.

Only the explicit form is documented. The implicit form is
deprecated, and may be removed in the future.

        Wietse

> Did I simply miss the relevant part of the docs? If so, could you please
> point me to it?
>
> Regards
>   mks
>
>


Re: accept mail for a specified, unknown domain?

Wietse Venema
In reply to this post by mangoo
Tomasz Chmielewski:

> Victor Duchovni wrote:
> > On Thu, Jul 17, 2008 at 10:49:27AM +0200, Tomasz Chmielewski wrote:
> >
> >> I noticed that it works as I expected if I add just:
> >>
> >>     hash:/etc/postfix/access,
> >>
> >> and not:
> >>
> >>     check_client_access hash:/etc/postfix/access,
> >>
> >> to smtpd_sender_restrictions.
> >
> > No, it does not work, because the implicit table check in that context is
> > "check_sender_access" not "check_client_access" (which is the default
> > for smtpd_client_restrictions).
>
> IMO check_client_access is not explained well enough on
> http://www.postfix.org/spam.html#smtpd_sender_restrictions - the

As documented at the top of that page, this text is not updated
and exists only to avoid breaking links in old documents.

        Wietse

Re: implicit table checks (was: Re: accept mail for a specified, unknown domain?)

Markus Schönhaber-16
In reply to this post by Wietse Venema
Wietse Venema wrote:

> Markus Schönhaber:

>> I have seen such plain type:table checks in a postfix system I've
>> inherited and that was set up by someone else, therefore I knew they
>> were syntactically correct. But I've not managed to find the place in
>> the documentation that says it is allowed to use type:table as a
>> restriction and what this would effectively mean in the different
>> restriction contexts.
>
> Only the explicit form is documented. The implicit form is
> deprecated, and may be removed in the future.

OK, thanks.
I didn't plan to use this form of configuration. OTOH, in case I, again,
stumble upon a postfix system where plain type:table restrictions are
used: is it safe to assume that
smtpd_mumble_restrictions = type:table
effectively means
smtpd_mumble_restrictions = check_mumble_access type:table
?

Regards
  mks

Re: implicit table checks (was: Re: accept mail for a specified, unknown domain?)

mouss-2
Markus Schönhaber wrote:

> Wietse Venema wrote:
>
>> Markus Schönhaber:
>
>>> I have seen such plain type:table checks in a postfix system I've
>>> inherited and that was set up by someone else, therefore I knew they
>>> were syntactically correct. But I've not managed to find the place in
>>> the documentation that says it is allowed to use type:table as a
>>> restriction and what this would effectively mean in the different
>>> restriction contexts.
>> Only the explicit form is documented. The implicit form is
>> deprecated, and may be removed in the future.
>
> OK, thanks.
> I didn't plan to use this form of configuration. OTOH, in case I, again,
> stumble upon a postfix system where plain type:table restrictions are
> used: is it safe to assume that
> smtpd_mumble_restrictions = type:table
> effectively means
> smtpd_mumble_restrictions = check_mumble_access type:table
> ?
>

yes. so "fix" it by adding the check_mumble_access.


Re: accept mail for a specified, unknown domain?

mouss-2
In reply to this post by mangoo
Tomasz Chmielewski wrote:

> I have a trusted site which sends emails with an unknown sender address,
> say, [hidden email]. I would like to accept emails which are sent from
> that domain.
>
> Right now, my settings reject senders with an unknown domain:
>
> smtpd_sender_restrictions = permit_sasl_authenticated,
>                             reject_unknown_sender_domain,
>                             reject_non_fqdn_sender
>
>
> I tried adding this line to smtpd_sender_restrictions:
>
>    check_client_access hash:/etc/postfix/access,


you need to get comfortable with terminology:
- a client is a host (IP address or hostname)
- a sender is an email address. more precisely, it refers to the
envelope sender (which is not to be confused with addresses found in
headers. google for more infos).

here, you want check_sender_access, not check_client_access.


>
> and adding either of the lines to the access file (+ running postmap):
>
> [hidden email] OK
> example.tld OK
>
> Which didn't work - still, I get "Sender address rejected: Domain not
> found".
>
>
> Where can I allow one specified, unknown domain?
>
>


Re: implicit table checks (was: Re: accept mail for a specified, unknown domain?)

Markus Schönhaber-16
In reply to this post by mouss-2
mouss wrote:

> Markus Schönhaber wrote:

>> used: is it safe to assume that
>> smtpd_mumble_restrictions = type:table
>> effectively means
>> smtpd_mumble_restrictions = check_mumble_access type:table
>> ?
>
> yes. so "fix" it by adding the check_mumble_access.

Thanks for confirming this.

Regards
  mks
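
Added example, not part of any post in this thread: one way to combine the client/sender distinction explained above with the unanswered "bonus question", so that the unresolvable sender domain is accepted only from one client IP. The class name and the two map file names are assumptions; 10.1.1.1 and example.tld are the sample values used in the thread.

```conf
# --- /etc/postfix/main.cf ---------------------------------------------
# Hypothetical class name. A class must be declared here before it can
# appear as the right-hand side of an access map entry.
smtpd_restriction_classes = trusted_site_senders

# What the class does: a sender (envelope address) lookup, written in
# the explicit check_sender_access form rather than a bare type:table.
trusted_site_senders =
    check_sender_access hash:/etc/postfix/trusted_sender_domains

# The client (IP/hostname) lookup only selects the class. It has to sit
# before reject_unknown_sender_domain: restrictions are evaluated in
# order and the first one that permits or rejects ends the list.
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/trusted_clients,
    reject_unknown_sender_domain,
    reject_non_fqdn_sender

# --- /etc/postfix/trusted_clients (key = connecting host) -------------
10.1.1.1        trusted_site_senders

# --- /etc/postfix/trusted_sender_domains (key = envelope sender) ------
example.tld     OK

# Rebuild both maps after editing, then reload:
#   postmap /etc/postfix/trusted_clients
#   postmap /etc/postfix/trusted_sender_domains
#   postfix reload
#
# Resulting behaviour:
#   10.1.1.1, MAIL FROM:<x@example.tld>
#       -> OK, passes smtpd_sender_restrictions
#   10.1.1.1, MAIL FROM:<x@second_non_existing.example>
#       -> no match in the sender map, falls through to
#          reject_unknown_sender_domain
#   any other client, MAIL FROM:<x@example.tld>
#       -> no match in the client map, falls through to
#          reject_unknown_sender_domain
```

The OK result ends only smtpd_sender_restrictions; the other smtpd_*_restrictions lists, including relay control, are still evaluated. Scoping the exception to the client IP matters because the envelope sender alone is whatever the connecting host chooses to send.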