LinuxQuestions.org
07-31-2007, 07:52 AM   #1
svesch
Postfix with restricted sender list (ACL) on SLES10


Hello everybody,

I've got a problem with postfix running on a SLES10 system. Our goal is to have a mailserver that can relay mails from allowed servers.
My first test was to enable several network segments with the parameter
Code:
mynetworks = 192.168.2.0/24, 10.100.111.0/24
This worked fine, but now we want to restrict the access to that server. Therefore I created a hash table like the example in the man pages concerning the topic access
Code:
10.100.111.10 OK
10.100.111.12 OK
and also modified the parameter
Code:
smtpd_client_restrictions = check_client_access hash:/etc/postfix/mailers
Afterwards I executed the command "postmap /etc/postfix/mailers" and restarted postfix, with the result that nobody can send mails through that server any more. When I want to open a telnet connection on port 25 I'm getting a connection refused error. No explicit error is shown in the mail log. In that way the ACL does not work. Is there anybody who had similar problems in the past? Or does any of you have suggestions/ideas?

Here are my config files, perhaps there is a mistake in there:

main.cf (without comments):

Code:
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = g99la004
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains = 
mydestination = $mydomain
defer_transports = 
mynetworks = 192.168.2.0/24, 10.100.111.0/24
disable_dns_lookups = yes
relayhost = [relayhost]
relay_domains = $mydomain, domain1.de, domain2.de, domain3.de
mailbox_command = 
mailbox_transport = 
strict_8bitmime = no
disable_mime_output_conversion = yes
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = check_client_access hash:/etc/postfix/mailers,reject_unknown_client
smtpd_banner = $myhostname - The new SMTP Cluster - powered by $mail_name 
smtpd_helo_required = yes
smtpd_helo_restrictions = 
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
Output of the command postconf -n:
Code:
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports = 
disable_dns_lookups = yes
disable_mime_output_conversion = yes
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = 
mailbox_size_limit = 0
mailbox_transport = 
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $mydomain
myhostname = g99la004
mynetworks = 192.168.2.0/24, 10.100.111.0/24
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydomain, domain1.de, domain2.de, domain3.de
relayhost = [relayhost]
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_banner = $myhostname - The new SMTP Cluster - powered by $mail_name
smtpd_client_restrictions = check_client_access hash:/etc/postfix/mailers,reject_unknown_client
smtpd_helo_required = yes
smtpd_helo_restrictions = 
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
If there is another way to create an ACL please let me know...thanks for your help!
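How a check_client_access table of the shape posted above is evaluated, as an added example that is not part of the original post and is not Postfix code. It is a simplified Python model of the access(5) lookup order for IPv4 clients and of first-match restriction lists; hostname lookups and the reject_unknown_client entry from the post (which needs DNS) are left out, and the function names and sample clients are assumptions.

```python
# Simplified model (added example) of how Postfix evaluates an access(5)
# hash table and one restriction list. Not Postfix code.

# Constructed copy of the /etc/postfix/mailers table from the post.
MAILERS = {"10.100.111.10": "OK", "10.100.111.12": "OK"}


def lookup_client(table, ip):
    """access(5) lookup order for an IPv4 client in an indexed table:
    the full address first, then shorter prefixes (a.b.c, a.b, a).
    Hostname and parent-domain lookups are omitted in this model."""
    octets = ip.split(".")
    for n in range(4, 0, -1):
        action = table.get(".".join(octets[:n]))
        if action is not None:
            return action
    return "DUNNO"  # no match: the next restriction is consulted


def evaluate(restrictions, table, ip):
    """Walk one restriction list; the first decisive result ends it.
    A list that runs out without a decision permits the client."""
    for name in restrictions:
        if name == "check_client_access":
            result = lookup_client(table, ip)
        elif name == "reject":
            result = "REJECT"
        else:
            raise ValueError(f"restriction not modelled: {name}")
        if result in ("OK", "REJECT"):
            return result
    return "OK"


def acl_report(restrictions, clients, table=MAILERS):
    """Decision per client IP for the given restriction list."""
    return {ip: evaluate(restrictions, table, ip) for ip in clients}


# Constructed sample clients: two listed hosts and one unlisted host.
CLIENTS = ["10.100.111.10", "10.100.111.12", "10.100.111.11"]

if __name__ == "__main__":
    # Table alone: the unlisted client gets DUNNO and is not rejected here.
    print(acl_report(["check_client_access"], CLIENTS))
    # Table followed by "reject": only the listed hosts pass this list.
    print(acl_report(["check_client_access", "reject"], CLIENTS))
```

In Postfix an OK from one restriction list only ends that list; the smtpd_recipient_restrictions from the post (permit_mynetworks, reject_unauth_destination) are still evaluated afterwards.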