Re: Postfix-Sender and recipient restriction problem

Semih Gokalp wrote:
Thanks Mihira it works.If I write users in recipient and sender files,no
problem. main.cf like below:

smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/recipient_access reject_unlisted_recipient
permit_sasl_authenticated check_relay_domains reject_anunth_destination

smtpd_sender_restrictions = reject_unknown_sender_domain warn_if_reject
reject_n on_fqdn_sender check_sender_access
hash:/etc/postfix/sender_login_maps

---------------------------------------------

but If i dont write all address in sender_login_maps file ,Other mail
account can send mail.Users mail address must be in sender and recipient
files ??
This is because Postfix is the Final Recipient for this domain. By
default it allows all email addresses that it is the Final Recipient, to
rely mail through it.

try this : add all the email addresses that are allowed to send mail in
the sender_login_maps file and at the end of the list, add a domain wide
reject line. Something like this :

/etc/postfix/sender_check

user1@yourdomain OK
user2@yourdomain OK
yourdomain REJECT

Not 100% sure that this will work but give it a try.

and I added some parameters in main.cf like below:

smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/recipient_access reject_unlisted_recipient
reject_unverified_recipient reject_unknown_recipient_ domain

smtpd_sender_restrictions = reject_unknown_sender_domain warn_if_reject
reject_n on_fqdn_sender check_sender_access
hash:/etc/postfix/sender_login_maps reject_un
authenticated_sender_login_mismatch reject_unlisted_sender

but i have a problem.Problem:

I did telnet to mail server on LOCAL AREA and write 1* MAIL
FROM:fake_account@ abc.def or 2* MAIL FROM:real_mail_account@
fake_domainname and RCPT TO:real_mail_account@ abc.def and mail has sent !
Mail server dont alert me "Sender address reject:User unknown in local
recipient table" or "Sender domain name reject" or same messeage

but when I write 1* out of local area,mail server alert me "Sender address
reject:User unknown in local recipient table".When I write MAIL
FROM:(fake_accunt or real account)@ fake_domainname it has sent ! ,Why
doesnt it alert me "sender domain name reject" or same message ?


in short:

LOCAL AREA:

real_mail_account@ abc.def can send mail to real_mail_account@ abc.def
fake_mail_account@ abc.def can send mail to real_mail_account@ abc.def
fake_mail_account@ fake_domainname can send mail to real_mail_account@
abc.def

OUT OF LOCAL AREA

real_mail_account@ abc.def can send mail to real_mail_account@xxxxxxx
fake_mail_account@ abc.def can NOT send mail to real_mail_account@ abc.def
fake_mail_account@ fake_domainname can send mail to real_mail_account@
abc.def


I think its an interesting problem.How can I solve this problem ?

Thanks.


Ok, Why postfix allows any mail relaying in LAN is that you have entered
the LAN IP Range in your mynetworks parameter. By default, postfix
allows mail relaying for all IPs you enter in mynetworks. Postfix
assumes that all IPs listed in the mynetworks to be trusted ones.

But when you try to relay mail from outside your LAN, because that IP
address is not in your mynetowrks list, it does all the checks for that
mail.

I suggest you leave only 127.0.0.1/8 in your mynetworks. This makes
postfix trust only the local PC and even mail sent from the LAN will get
all the checks.


Mihira.
--
Random Quotes From Megas XLR
Coop: You see? The mysteries of the Universe are revealed when you break
stuff.
Jamie: When in doubt, blow up a planet.
Kiva: It's an 80 foot robot, if we can't see it, absolutely it's not here.
Glorft Technician: Unnecessary use of force in capturing the Earthers
has been approved.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Relevant Pages

  • Re: Cohens paper on byte order
    ... Sender: ... packbitstobytes(bitsa, bytesa); ... Recipient: ... Sender uses little-endian, ...
    (sci.crypt)
  • Re: How to officially transfer an item to a party without meeting with them?
    ... >>There are also some escrow firms that can mediate purchases by mail ... The intended recipient sends the sender the address of their mailbox. ... After suitable time for delivery, ...
    (misc.legal)
  • Re: SPAM from stockhunt needs to stop
    ... robomail sender message.txt database.txt subject ... if ($recipient ne $sender) { ... print MAIL "The Recipients' email adresses follow the message.\n"; ...
    (comp.sys.apple2)
  • Swen and Technet thoughts
    ... Sender: "Microsoft Network Security Center" ... Recipient: "MS Customer" ...
    (microsoft.public.security.virus)
  • Postfix Problem (urgent)
    ... Helo list I have postfix installed and working, it only have a problem, I ... somebody try to send a message, postfix tells me (Server replied: ... # The daemon_directory parameter specifies the location of all Postfix ... # These rights are used in the absence of a recipient user context. ...
    (freebsd-questions)