LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Postfix - accepting mails for a concrete recipient (https://www.linuxquestions.org/questions/linux-networking-3/postfix-accepting-mails-for-a-concrete-recipient-752581/)

tikit 09-04-2009 02:07 AM
Postfix - accepting mails for a concrete recipient
 
hi,

we have a Postfix mail relay server. Not to be an open relay we use check_sender_access restriction with allowed sender domains. Is there a way how to configure postfix to accept mails from any domain for a specified recipient? Something like
Code:
if (recipient_address==host@mydomain.com) accept;
We have an admin mailbox and we need it to be accessible from everywhere.

Thanks for your help.

iphigenie 09-05-2009 11:13 AM
It has been a while so it might have changed but
back when I knew something about postfix you would have a

Code:
check_recipient_access (file pointer here, typically hash:/path/to/recipient/filter)
entry ABOVE your sender checks and in the file you could put

Code:
host@mydomain.com OK
(or it might be ACCEPT, cant remember)

if you search for check_recipient_access in the docs you'll probably get what you need

tikit 09-07-2009 03:49 AM
Thanks for your answer but does not work for me.
I set this in main.cf
Code:
#check_sender_access regexp:/etc/postfix/reg_sender_access
smtpd_sender_restrictions =
 check_sender_access regexp:/etc/postfix/reg_sender_access
 warn_if_reject reject_non_fqdn_sender
 warn_if_reject reject_unknown_sender_domain

smtpd_recipient_restrictions =
 check_recipient_access regexp:/etc/postfix/reg_recipient_access
 permit_mynetworks
 warn_if_reject reject_unknown_recipient_domain
 reject_unauth_destination
and in /etc/postfix/reg_recipient_access

Code:
/host@mydomain.com/ OK
If I try to send an email to host@mydomain.com from a domain not listed in reg_sender_access, I get
Code:
Sender address rejected: Access denied (in reply to RCPT TO command)
.

What I need is some kind of exception for a recipient address.

Thanks.

jimjones 09-07-2009 08:19 AM
concrete?
are you in the building business?

tikit 09-07-2009 08:26 AM
sorry for my english. I mean for an explicitly specified recipient. Thanks for correction.

iphigenie 09-08-2009 05:11 AM
The problem there is the order - since you put the sender restrictions first, the system never gets to the recipient rules.

You need to look at what is in your reg_sender_access to make it a bit less drastic - you can always catch some of these in rules later, in the more general ruleset

iphigenie 09-08-2009 05:24 AM
this page is really useful

http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

look for that bit and the examples that follow

Quote:
Understanding The Order In Which UCE Checks Are Applied

Anti-UCE/Anti-Virus processing is applied in the following order:

1. SMTPD Restrictions
2. Header/body Checks
3. Content Filters


Understanding The Order In Which SMTPD Restrictions Are Applied

There are three parts to restrictions:

restriction "stages"
restrictions
access lists (or maps)

Postfix' restriction stages are as follows, and are processed in the
following order:

smtpd_client_restrictions
smtpd_helo_restrictions
smtpd_sender_restrictions
smtpd_recipient_restrictions
smtpd_data_restrictions

regardless of the order in which they're listed in main.cf.

Processing *within* a restriction stage ends on the first match,
with the exception of a "DUNNO" result.

What means "DUNNO?" "DUNNO" means "I don't know, somebody
else decide." DUNNO is covered in more detail, later.

tikit 09-08-2009 09:04 AM
Thanks iphigenie. It works now. I put the checks into smtpd_recipient_restrictions
Code:
smtpd_recipient_restrictions =
 permit_mynetworks
 check_sender_access regexp:/etc/postfix/reg_sender_access
 check_recipient_access regexp:/etc/postfix/reg_recipient_access
 permit_auth_destination
 reject_unauth_destination
reg_sender_access
Code:
/.*@mydomain.com/ OK
reg_recipient_access
Code:
/host@mydomain.com/ OK
/.*@*.*/ REJECT


All times are GMT -5. The time now is 08:48 AM.