LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-26-2005, 12:32 AM   #1
Chowroc
Member
 
Registered: Dec 2004
Posts: 145

Rep: Reputation: 15
Postfix: "smtpd_client_restrictions" takes no effect?


This is about: POSTFIX ACCESS control base on IP. When I use:
Code:
mynetworks=hash:/etc/postfix/access

/etc/postfix/access:
192.168.0.1 OK
OK, 192.168.0.1 can mail. But when I use:
Code:
smtpd_client_restrictions = hash:/etc/postfix/access
OR
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

I GET:

Oct 25 22:13:43 master01 postfix/smtpd[13075]: connect from unknown[192.168.0.1]
Oct 25 22:13:43 master01 postfix/smtpd[13075]: NOQUEUE: reject: RCPT from unknown[192.168.0.1]: 554 <Chowroc_Z@yahoo.com.cn>: Relay access denied; from=<Chowroc_Z@example.com.cn> to=<Chowroc_Z@yahoo.com.cn> proto=ESMTP helo=<[127.0.0.1]>
Oct 25 22:13:44 master01 postfix/smtpd[13075]: disconnect from unknown[192.168.0.1]
What is wrong? Why "smtpd_client_restrictions" taks no effect?
 
Old 10-27-2005, 10:08 AM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
smtpd_client_restrictions controls who is allowed to request an SMTP connection. It takes effect before the client gives the HELO command. By default, it is empty, which means that anyone is allowed to connect. For more info about the various parameters,
Code:
man 5 postconf
Even though anyone is allowed to make an SMTP connection to the mail server, by default the only allowable RCPT TO: addresses are those of local users. If you want to control which machines on your local network can relay mail, you can use the mynetwoks_style parameter.

Examples:

1. Allow relay for mail submitted by this machine only:
Code:
mynetworks_style = host
2. Allow relay for mail submitted by any machine on my local network:
Code:
mynetworks_style = subnet

For finer control, use the mynetworks parameter instead.

3. Mail server has address 192.168.0.2, but allows relay for mail submitted by machine 192.168.0.4:
Code:
mynetworks = 127.0.0.0/8 192.168.0.2/32 192.168.0.4/32

Last edited by Berhanie; 10-27-2005 at 10:00 PM.
 
Old 10-30-2005, 11:30 PM   #3
Chowroc
Member
 
Registered: Dec 2004
Posts: 145

Original Poster
Rep: Reputation: 15
Thank you.

But I think your meaning is still the "smtpd_client_restrictions" takes no effect, I can only control the connections with mynetworks ranther than "smtpd_client_restrictions"?

Then why that paramiters designed?
 
Old 10-31-2005, 11:17 AM   #4
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
Quote:
I think your meaning is still the "smtpd_client_restrictions" takes no effect
Not so. I think your mail was rejected because of a relay access problem, not an access problem. Look at the value of smtpd_recipient_restrictions. This is the default:
Code:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
That's why adding an IP address mynetworks solves the problem.

Last edited by Berhanie; 10-31-2005 at 11:18 AM.
 
Old 11-01-2005, 12:59 AM   #5
Chowroc
Member
 
Registered: Dec 2004
Posts: 145

Original Poster
Rep: Reputation: 15
Oh, I see. you mean that "smtpd_recipient_restrictions" will be check before "smtpd_client_restrictions"? or has higher priority?

Thank you very much. I will look up the details.
 
Old 11-01-2005, 09:42 AM   #6
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
The order of evaluation is:

smtpd_client_restrictions
smtpd_helo_restrictions
smtpd_sender restrictions
smtpd_recipient_restrictions
smtpd_data_restrictions


Each of the above corresponds to a particular stage of the SMTP conversation. In your case, you were able to pass the smtpd_client_restrictions rules, but not the smtpd_recipient_restrictions.

You might also want to look up smtpd_delay_reject. More detail on all the above is found in the postconf(5) man page.

[Edit:] Before reading the man pages, you might find the documentation on the postfix site here useful. Start with one labeled 'Basic configuration'. It addresses everything you need to start running a mail server. The rest of the documentation becomes more important as your needs become complex.

Last edited by Berhanie; 11-01-2005 at 10:05 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPW2200 Make error macro "create_workqueue" passed 2 arguments, but takes just 1 jplev22 Linux - Wireless Networking 2 09-16-2005 11:34 AM
C program that takes input "FName|LName" and outputs to std out its_godzilla Programming 2 01-18-2005 10:26 PM
Why does "nmbd" takes 99% CPU oba Linux - Networking 0 06-29-2004 10:49 AM
"Widescreen Effect" with Dell Inspiron 4000 Alekti Linux - Laptop and Netbook 6 05-13-2004 12:43 PM
Apache "ForceType" not taking effect... EnigmaX Linux - Software 0 05-10-2004 10:12 PM


All times are GMT -5. The time now is 05:43 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration