smtpd_recipient_restrictions is not working on postfix 2.3

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

smtpd_recipient_restrictions is not working on postfix 2.3

Rahmathulla KM
Dear Techies,

I am trying to implement an access control on an alias email account called [hidden email]. I need to allow only few users to send mail to this alias. I tried many of the combination and didnt got a +ve result yet. I tried googling a lot, and found the usage of declaring restriction classes, usage of smtpd_recipient_restrictions etc...

After messing up a lot, i had implemented a test mail server and its current configuration is as the following;

OS: CentOS 5.2
Postfix: 2.3.3-2

main.cf;
xinode-senders-list = check_sender_access hash:/etc/postfix/xinode-senders, reject
users-senders-list = reject, check_sender_access hash:/etc/postfix/users-senders
smtpd_restriction_classes = xinode-senders-list, users-senders-list

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/protected-recipients, reject_unauth_destination
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES


cat xinode-senders

# These are for various technical reasons.
[hidden email]      OK
[hidden email]               OK
[hidden email]      OK

# These are the good guys.
[hidden email]        OK
[hidden email]    OK
[hidden email]    OK


cat protected-recipients

[hidden email]     mangousers-senders-list
[hidden email]    users-senders-list
[hidden email]    xinode-senders-list


NOTE 1: currently, i dint declared mangousers-senders-list in main.cf
NOTE 2: i tried by changing the order to put access controls, thats why finally now its on the top of the main.cf file

I ran postmap to build the db files, restarted the postfix, watched the logs.... and always i see all the mails are delivered smoothly. I was not able to block even a single mail.

Is there any othe setting which is to be turned on to make this access control work?
When i intentionally made a mistake in the smtpd_recipient_restrictions command, and restarted postfix, i didnt see any error reported in the maillog. I wonder why it is like that. Is there any mechanism (like testparm for samba or self check of apache when it starts) to check our main.cf is configured correctly.

Awaiting for your supportive hands...

Thanking all you in advance...

--
---
E-Regards,


Rahmathulla K M
"In a world without walls and fences, who needs windows and gates?"


Reply | Threaded
Open this post in threaded view
|

Re: smtpd_recipient_restrictions is not working on postfix 2.3

Noel Jones-2
Rahmathulla KM wrote:

> Dear Techies,
>
> I am trying to implement an access control on an alias email account
> called [hidden email] <mailto:[hidden email]>. I need to allow only
> few users to send mail to this alias. I tried many of the combination
> and didnt got a +ve result yet. I tried googling a lot, and found the
> usage of declaring restriction classes, usage of
> smtpd_recipient_restrictions etc...
>
> After messing up a lot, i had implemented a test mail server and its
> current configuration is as the following;
>
> OS: CentOS 5.2
> Postfix: 2.3.3-2
>
> main.cf <http://main.cf>;
> xinode-senders-list = check_sender_access
> hash:/etc/postfix/xinode-senders, reject
> users-senders-list = reject, check_sender_access
> hash:/etc/postfix/users-senders
> smtpd_restriction_classes = xinode-senders-list, users-senders-list
>
> smtpd_recipient_restrictions = check_recipient_access
> hash:/etc/postfix/protected-recipients, reject_unauth_destination
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> mail_owner = postfix
> mydomain = domain.com <http://domain.com>
> myorigin = $mydomain
> inet_interfaces = all
> mydestination = $myhostname, $mydomain, localhost
> unknown_local_recipient_reject_code = 550
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> debug_peer_level = 2
> debugger_command =
>          PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>          xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail.postfix
> newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> html_directory = no
> manpage_directory = /usr/share/man
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
>
>
> cat xinode-senders
>
> # These are for various technical reasons.
> [hidden email] <mailto:[hidden email]>      OK
> [hidden email] <mailto:[hidden email]>               OK
> [hidden email] <mailto:[hidden email]>      OK
>
> # These are the good guys.
> [hidden email] <mailto:[hidden email]>        OK
> [hidden email] <mailto:[hidden email]>    OK
> [hidden email] <mailto:[hidden email]>    OK
>
>
> cat protected-recipients
>
> [hidden email] <mailto:[hidden email]>    
> mangousers-senders-list
> [hidden email] <mailto:[hidden email]>    users-senders-list
> [hidden email] <mailto:[hidden email]>    xinode-senders-list
>
>
> NOTE 1: currently, i dint declared mangousers-senders-list in main.cf
> <http://main.cf>
> NOTE 2: i tried by changing the order to put access controls, thats why
> finally now its on the top of the main.cf <http://main.cf> file
>
> I ran postmap to build the db files, restarted the postfix, watched the
> logs.... and always i see all the mails are delivered smoothly. I was
> not able to block even a single mail.
>
> Is there any othe setting which is to be turned on to make this access
> control work?
> When i intentionally made a mistake in the smtpd_recipient_restrictions
> command, and restarted postfix, i didnt see any error reported in the
> maillog. I wonder why it is like that. Is there any mechanism (like
> testparm for samba or self check of apache when it starts) to check our
> main.cf <http://main.cf> is configured correctly.
>
> Awaiting for your supportive hands...
>
> Thanking all you in advance...
>
> --
> ---
> E-Regards,

Some notes...

Post here in plain text only; no HTML please.

Use "postconf -n" to see the settings that postfix sees.
This has saved me from grief many times.

Mail submitted via the sendmail(1) command is not subject to
smtpd_*_restrictions since it does not travel over SMTP.  Such
mail is logged with "postfix/pickup" rather than "postfix/smtpd".

For more help, see
http://www.postfix.org/DEBUG_README.html#mail

   -- Noel Jones