postfix access map

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

postfix access map

Administrator Beckspaced.com
Dear Postfix users,

First a belated BIG THANK YOU to Wietse and his 20 years of Postfix.
You're awesome!

Second:

I'm running Postfix version 2.11.6 and have setup an access map of
sender email addresses

[hidden email] OK

then doing a postmap on the access map and in the main.cf I setup the
following:

smtpd_sender_restrictions = hash:/etc/postfix/access

and later in the main.cf I setup some recipient restrictions with checks
on RBL

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
     ...
     reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org,
     ...
     permit

Now I thought whenever I got an email from a sender listed in the access
map it will always get delivered, because of the OK action, and will
skip checks in the smtpd_recipient_restrictions?

but today a customer send me the following:

From: Mail Delivery System
Sent: Sunday, February 19, 2017 10:22 AM
To: [hidden email]
Subject: Undelivered Mail Returned to Sender

This is the mail system at host mailout04.t-online.de.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[hidden email]>: host mail.beckspaced.com[78.46.161.3] said: 554 5.7.1
    Service unavailable; Client host [194.25.134.18] blocked using
    bl.spamcop.net; Blocked - see
http://www.spamcop.net/bl.shtml?194.25.134.18
    (in reply to RCPT TO command)

and the sender was the email address listed in the access map.

So I thought that email in the access map will never make it to the RBL
checks and always will pass as OK?

Is there anything I need to think of to make it work? Whitelist an email
address to always get accepted?

Thanks for your time & support ;)

Greetings
Becki
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: postfix access map

Dominic Raferd


On 20 February 2017 at 07:58, Admin Beckspaced <[hidden email]> wrote:
Dear Postfix users,

First a belated BIG THANK YOU to Wietse and his 20 years of Postfix. You're awesome!

Second:

I'm running Postfix version 2.11.6 and have setup an access map of sender email addresses

[hidden email] OK

then doing a postmap on the access map and in the main.cf I setup the following:

smtpd_sender_restrictions =
​​
hash:/etc/postfix/access

and later in the main.cf I setup some recipient restrictions with checks on RBL

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    ...
    reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org,
    ...
    permit

Now I thought whenever I got an email from a sender listed in the access map it will always get delivered, because of the OK action, and will skip checks in the smtpd_recipient_restrictions?

but today a customer send me the following:

From: Mail Delivery System
Sent: Sunday, February 19, 2017 10:22 AM
To: [hidden email]
Subject: Undelivered Mail Returned to Sender

This is the mail system at host mailout04.t-online.de.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                  The mail system

<[hidden email]>: host mail.beckspaced.com[78.46.161.3] said: 554 5.7.1
   Service unavailable; Client host [194.25.134.18] blocked using
   bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?194.25.134.18
   (in reply to RCPT TO command)

and the sender was the email address listed in the access map.

So I thought that email in the access map will never make it to the RBL checks and always will pass as OK?

Is there anything I need to think of to make it work? Whitelist an email address to always get accepted?

An 'OK' in your access file only causes emails which match it to skip further tests that occur in the one restriction list in which you have mentioned it i.e. sender_restrictions. It doesn't affect the separate restriction list 'recipient_restrictions' in which you have your RBLs (or any other restriction lists). The solution is to duplicate or move hash:/etc/postfix/access to being inside recipient_restrictions but above your RBL checks.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: postfix access map

Administrator Beckspaced.com

On 20.02.2017 09:35, Dominic Raferd wrote:

>
>
> On 20 February 2017 at 07:58, Admin Beckspaced <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Dear Postfix users,
>
>     First a belated BIG THANK YOU to Wietse and his 20 years of
>     Postfix. You're awesome!
>
>     Second:
>
>     I'm running Postfix version 2.11.6 and have setup an access map of
>     sender email addresses
>
>     [hidden email] <mailto:[hidden email]> OK
>
>     then doing a postmap on the access map and in the main.cf
>     <http://main.cf> I setup the following:
>
>     smtpd_sender_restrictions =
>     ​​
>     hash:/etc/postfix/access
>
>     and later in the main.cf <http://main.cf> I setup some recipient
>     restrictions with checks on RBL
>
>     smtpd_recipient_restrictions = permit_mynetworks,
>     permit_sasl_authenticated,
>         ...
>         reject_rbl_client bl.spamcop.net <http://bl.spamcop.net>,
>     reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org>,
>         ...
>         permit
>
>     Now I thought whenever I got an email from a sender listed in the
>     access map it will always get delivered, because of the OK action,
>     and will skip checks in the smtpd_recipient_restrictions?
>
>     but today a customer send me the following:
>
>     From: Mail Delivery System
>     Sent: Sunday, February 19, 2017 10:22 AM
>     To: [hidden email] <mailto:[hidden email]>
>     Subject: Undelivered Mail Returned to Sender
>
>     This is the mail system at host mailout04.t-online.de
>     <http://mailout04.t-online.de>.
>
>     I'm sorry to have to inform you that your message could not
>     be delivered to one or more recipients. It's attached below.
>
>     For further assistance, please send mail to postmaster.
>
>     If you do so, please include this problem report. You can
>     delete your own text from the attached returned message.
>
>                       The mail system
>
>     <[hidden email] <mailto:[hidden email]>>: host
>     mail.beckspaced.com <http://mail.beckspaced.com>[78.46.161.3]
>     said: 554 5.7.1
>        Service unavailable; Client host [194.25.134.18] blocked using
>     bl.spamcop.net <http://bl.spamcop.net>; Blocked - see
>     http://www.spamcop.net/bl.shtml?194.25.134.18
>     <http://www.spamcop.net/bl.shtml?194.25.134.18>
>        (in reply to RCPT TO command)
>
>     and the sender was the email address listed in the access map.
>
>     So I thought that email in the access map will never make it to
>     the RBL checks and always will pass as OK?
>
>     Is there anything I need to think of to make it work? Whitelist an
>     email address to always get accepted?
>
>
> An 'OK' in your access file only causes emails which match it to skip
> further tests that occur in the one restriction list in which you have
> mentioned it i.e. sender_restrictions. It doesn't affect the separate
> restriction list 'recipient_restrictions' in which you have your RBLs
> (or any other restriction lists). The solution is to duplicate or move
> hash:/etc/postfix/access to being inside recipient_restrictions but
> above your RBL checks.

Thanks,

I always had the impression that an OK will skip all further tests in
any restrictions lists following.

I now added in smtpd_recipient_restrictions before the RBL checks

check_sender_access hash:/etc/postfix/access

which will do what I want.

Is there perhaps any action which let's me pass all following
restriction lists?

Thanks & greetings
Becki


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: postfix access map

Viktor Dukhovni

> On Feb 20, 2017, at 4:31 AM, Admin Beckspaced <[hidden email]> wrote:
>
> I always had the impression that an OK will skip all further tests in any restrictions lists following.
>
> I now added in smtpd_recipient_restrictions before the RBL checks
>
> check_sender_access hash:/etc/postfix/access

Make sure this (and restrictions that it whitelists) occurs *AFTER*
"reject_unauth_destination", or else  that you're using
"reject_unauth_destination" in "smtpd_relay_restrictions" to prevent
open relay issues.

> Is there perhaps any action which let's me pass all following restriction lists?

No.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: postfix access map

Administrator Beckspaced.com

On 20.02.2017 17:54, Viktor Dukhovni wrote:

>> On Feb 20, 2017, at 4:31 AM, Admin Beckspaced <[hidden email]> wrote:
>>
>> I always had the impression that an OK will skip all further tests in any restrictions lists following.
>>
>> I now added in smtpd_recipient_restrictions before the RBL checks
>>
>> check_sender_access hash:/etc/postfix/access
> Make sure this (and restrictions that it whitelists) occurs *AFTER*
> "reject_unauth_destination", or else  that you're using
> "reject_unauth_destination" in "smtpd_relay_restrictions" to prevent
> open relay issues.
>
>> Is there perhaps any action which let's me pass all following restriction lists?
> No.
>
Thanks ;) you guys on the mailing list are really doing a great job!

Loading...