How to config internal and external email using postfix
Hi All
Im using postfix and dovecot installed in one machine running linux centos 5.4 and i have two lan card eth0 and eth1 the eth0 is my IP from ISP the eth1 is my internal IP now since my postfix and dovecot are started without any errors what i mean is i can able to send in yahoo,gmail,etc... and also i can recieve email from outside my question is how can i restrict this email address prinzz@prinzz.com denied for outside but can send and recieve only in internal while this prinzz2@prinzz.com is allow to send and recieve outside and inside. please help Thanks |
look this url http://www.postfix.org/RESTRICTION_CLASS_README.html
|
Quote:
I followed the instruction the one you gave to me URL but still i can able send message externally am using this email add prinzz@tailinsubic-chatserver.com for the /etc/postfix/restricted_senders content: prinzz@tailinsubic-chatserver.com local_only /etc/postfix/recipient_access content: prinzz@tailinsubic-chatserver.com restrictive prinzz2@tailinsubic-chatserver.com permissive /etc/postfix/local_domains content: tailinsubic-chatserver.com OK Please can someone review my main.cf smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks check_relay_domains permit_mx_backup smtpd_restriction_classes = restrictive, permissive restrictive = reject_unknown_sender_domain reject_unknown_client_hostname permissive = permit check_recipient_access = hash:/etc/postfix/recipient_access mynetworks = 127.0.0.0/8 smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom # email forwarder virtual_alias_domains = tailinsubic-chatserver.com virtual_alias_maps = hash:/etc/postfix/virtual # Restricting Internal to External check_sender_access = hash:/etc/postfix/restricted_senders smtpd_restriction_classess = local_only local_only = check_recipient_access = hash:/etc/postfix/local_domains, reject thanks |
erase the line
restrictive = reject_unknown_sender_domain reject_unknown_client_hostname and the line permissive = permit and erase the contend of recipient_access (you don't nedeed) and restart i hope that this help.. |
1 Attachment(s)
Quote:
I removed it but there is a problem when i tried to send email to here aries_baluyot@tailinsubic-chatserver.com still running please see attached file and also my main.cf smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks check_relay_domains permit_mx_backup smtpd_restriction_classes = restrictive, permissive #restrictive = reject_unknown_sender_domain reject_unknown_client_hostname #permissive = permit check_recipient_access = hash:/etc/postfix/recipient_access mynetworks = 127.0.0.0/8 smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom # email forwarder virtual_alias_domains = tailinsubic-chatserver.com virtual_alias_maps = hash:/etc/postfix/virtual # Restricting Internal to External #smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks check_relay_domains permit_mx_backup check_sender_access = hash:/etc/postfix/restricted_senders smtpd_restriction_classess = local_only local_only = #check_recipient_access = hash:/etc/postfix/local_domains, reject Thanks |
hum...
1. in smtpd_recipient_restrictions add at the begin this words check_sender_access hash:/etc/postfix/restricted_senders example: smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders, permit_sasl_authenticated permit_mynetworks, check_relay_domains permit_mx_backup whit this you define that the first rule to check to decide if a mail is goning to be send is check_sender_access 2. then you have to set the local policy, smtpd_restriction_classess = local_only local_only = check_recipient_access = hash:/etc/postfix/local_domains, reject erase the line smtpd_restriction_classes = restrictive, permissive yout don't nedeed 3. in local_domains you have to add the domains that postfix will recognize like your own domain 4. in the restricted_senders you have to add the accounts and the restriccion_classes tha will affect them exaple prinzz@tailinsubic-chatserver.com local_only the accounts that don't appear in the file (restricted_senders), will to be able to send mail to external domains because the next policies in the line smtpd_recipient_restrictions, will be aplied to them i hope that this help you and sorry again for my english.. |
Quote:
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/recipient_access, permit_sasl_authenticated, permit_mynetworks, check_relay_domains, permit_mx_backup i have problem with that noticed that the red color when i remove that i can able to send and recieve but if im going to place on that path SMTP become idle or taking long time but still failed to send anyideas thanks |
make a postmap to the files recipient_access, local_domains.
example: postmap local_domains and that will create the local_domains.db that the hash: type of file restart the postfix and check if the mails can be send. try this and tell me if work for you, if don't restart the postfix and post the /var/log/maillog in then moment when send a mail |
Quote:
Im sorry for not replying immediately i used postmap for this following restricted_senders, local_domain, recipient_access and also virtual all i mentioned postmap created db of each filename. i checked the mail log and here is the result Jun 1 13:27:46 tailinsubic-chatserver postfix/master[4467]: daemon started -- version 2.3.3, configuration /etc/postfix Jun 1 13:27:50 tailinsubic-chatserver postfix/smtpd[4471]: fatal: restriction class `local_only' needs a definition Jun 1 13:27:51 tailinsubic-chatserver postfix/master[4467]: warning: process /usr/libexec/postfix/smtpd pid 4471 exit status 1 Jun 1 13:27:51 tailinsubic-chatserver postfix/master[4467]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling please help thanks |
Quote:
Good News Its ok now i can able to send email local using restricted_senders please check log below Jun 1 14:20:16 tailinsubic-chatserver postfix/master[7827]: daemon started -- version 2.3.3, configuration /etc/postfix Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: connect from unknown[119.92.56.77] Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: setting up TLS connection from unknown[119.92.56.77] Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: TLS connection established from unknown[119.92.56.77]: TLSv1 with cipher AES128-SHA (128/128 bits) Jun 1 14:20:20 tailinsubic-chatserver postfix/trivial-rewrite[7835]: warning: do not list domain tailinsubic-chatserver.com in BOTH mydestination and virtual_alias_domains Jun 1 14:20:20 tailinsubic-chatserver postfix/smtpd[7831]: C0D2E2350085: client=unknown[119.92.56.77], sasl_method=PLAIN, sasl_username=aries_baluyot@tailinsubic-chatserver.com Jun 1 14:20:20 tailinsubic-chatserver postfix/cleanup[7836]: C0D2E2350085: message-id=<2FE3A4E1-3DD9-4F74-937D-C9A8511F29C8@tailinsubic-chatserver.com> Jun 1 14:20:20 tailinsubic-chatserver postfix/qmgr[7830]: C0D2E2350085: from=<aries_baluyot@tailinsubic-chatserver.com>, size=713, nrcpt=1 (queue active) Jun 1 14:20:23 tailinsubic-chatserver postfix/smtp[7837]: C0D2E2350085: to=<r_sumook@yahoo.com>, relay=f.mx.mail.yahoo.com[98.137.54.237]:25, delay=3, delays=0.17/0.01/1.1/1.7, dsn=2.0.0, status=sent $ Jun 1 14:20:23 tailinsubic-chatserver postfix/qmgr[7830]: C0D2E2350085: removed Jun 1 14:21:21 tailinsubic-chatserver postfix/smtpd[7831]: disconnect from unknown[119.92.56.77] Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: connect from unknown[119.92.56.77] Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: setting up TLS connection from unknown[119.92.56.77] Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: TLS connection established from unknown[119.92.56.77]: TLSv1 with cipher AES128-SHA (128/128 bits) Jun 1 14:21:45 tailinsubic-chatserver postfix/trivial-rewrite[7835]: warning: do not list domain tailinsubic-chatserver.com in BOTH mydestination and virtual_alias_domains Jun 1 14:21:45 tailinsubic-chatserver postfix/smtpd[7831]: NOQUEUE: reject: RCPT from unknown[119.92.56.77]: 554 5.7.1 <rsumook@tailinsubic-chatserver.com>: Sender address rejected: Access denied; fro$ Jun 1 14:21:46 tailinsubic-chatserver postfix/smtpd[7831]: disconnect from unknown[119.92.56.77] thank you so much :) cheers |
All times are GMT -5. The time now is 06:20 AM. |