LinuxQuestions.org
Old 03-14-2006, 03:03 PM   #1
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Rep: Reputation: 30
postfix impossible ?


I have some rules (body_checks, header_checks...)

I would like these rules not to be checked by postfix for my local net.

Is there a way for me to do this?
 
Old 03-14-2006, 04:09 PM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
Read this.
 
Old 03-14-2006, 04:54 PM   #3
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Original Poster
Rep: Reputation: 30
I have already read this readme...
Amavis has this configuration. But how do I declare the whole internal net in master.cf?

Is there not a specific configuration for this in main.cf?
Thank you
 
Old 03-14-2006, 05:26 PM   #4
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
I didn't understand your last post. Here is the general idea:

(1) You need to have two instances of smtpd, each listening on a different ip address (or, perhaps the same ip address but different ports). One will accept mail from the internet, and the other from your local network.
(2) Set 'header_checks' in main.cf to the file containing the patterns and corresponding actions (this will affect all the smtpd instances), but override it for the "inside" smtpd with a 'receive_override_options' in master.cf

Note that, by default, header_checks and body_checks are not set.
 
Old 03-14-2006, 06:09 PM   #5
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Original Poster
Rep: Reputation: 30
But it only functions for 1 IP. I would like to liberate the whole classroom (192.168.0.0/24), my whole net...

example:

Code:
192.168.0.0:25 inet n  -       n       -       -  smtpd
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
It does not function..

Last edited by stomach; 03-14-2006 at 06:12 PM.
 
Old 03-14-2006, 06:28 PM   #6
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
We have a misunderstanding here. The 'receive_override_options' is a directive to the smtpd daemon. It's not the clients that are somehow exempted from checks based on their IP address, but rather anyone who connects to the daemon which has the 'receive_override_options' set. The clients have to be configured to connect to that daemon.
 
Old 03-14-2006, 06:40 PM   #7
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Original Poster
Rep: Reputation: 30
The problem is that this way it only functions for 1 customer. I would like to liberate the whole net. Even so, much obliged (thank you)
 
Old 03-14-2006, 08:29 PM   #8
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
No. The IP address under discussion is not the IP address of the customer. It's the IP address of the server. Customers' outgoing email does not undergo header and body checks provided those customers send their mail from that server (the server that has the 'receive_override_options' set).
 
Old 03-15-2006, 04:20 AM   #9
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Original Poster
Rep: Reputation: 30
It still did not work; I used the IP of the email server machine...

Code:
127.0.0.1:10025 inet n  -       n       -       -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks




Last edited by stomach; 03-15-2006 at 04:23 AM.
 
Old 03-15-2006, 10:22 AM   #10
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
Ok, stomach. Let's just concentrate on postfix, so we don't have the added complexity of amavisd-new. To that end, make sure that in main.cf you have
Code:
content_filter =
Let's also turn on header and body checks, so again in main.cf we should have
Code:
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
Obviously, you should also have the corresponding header_checks and body_checks files.

The problem at hand is to prevent header and body checks for outgoing mail, which is the reason you started this thread. For that, we need two smtpd daemons running, one listening for connections from the internet and the other listening for connections from your LAN. The reason you need two daemons is that an smtpd daemon cannot apply header and body checks selectively. It's an all or nothing thing. (When you run amavisd-new, you'll need three smtpd daemons, two before amavis, and one after (the after-filter daemon is the one you mentioned above, listening on the loopback interface).)

Ok, so let's decide to have two smtpd daemons, one listening on its usual port (25) and the other listening on port 587. You can also have the daemons listening on two different interfaces, as per the postfix documentation above, but I think this is simpler. So, master.cf should look like this:
Code:
smtp      inet  n       -       n       -       -       smtpd
587       inet  n       -       n       -       -       smtpd
  -o receive_override_options=no_header_body_checks
Observe that the daemon listening on port 587 does not perform header and body checks. Even though we configured header and body checks in main.cf, we overrode that configuration in master.cf.

Now, configure all your mail clients (the ones on your LAN) to send mail through your server's port 587, and no header and body checks will be performed on their email.

Once this is working and you understand why it's working, go back and read the postfix documentation (follow the link above). You'll need to fine-tune what we did, for example to prevent header and body checks for mail submitted locally on the server (i.e. submitted using the sendmail command).

Good luck.
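
Added example, not part of the original posts and not Postfix's own tooling: the two-listener setup above means anyone who can reach the listener carrying `no_header_body_checks` skips the checks, so this sketch audits a master.cf for such listeners and reports whether they limit clients. The sample file is constructed, and treating `permit_mynetworks` followed by a final `reject` in `smtpd_client_restrictions` (as in the listener from post #9) or a loopback bind as "restricted" is an assumption of this example.

```python
import re

# Constructed sample master.cf: public listener, an unchecked listener left
# open to everyone, and an unchecked listener limited to mynetworks.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
587       inet  n       -       n       -       -       smtpd
  -o receive_override_options=no_header_body_checks
192.168.0.253:25 inet n -       n       -       -       smtpd
  -o receive_override_options=no_header_body_checks
  -o smtpd_client_restrictions=permit_mynetworks,reject
"""

def logical_lines(text):
    """Join master.cf continuation lines (those starting with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return {service: status} for every inet smtpd listener."""
    report = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        args = fields[8:]  # "-o name=value" overrides after the command name
        pairs = [a for prev, a in zip(args, args[1:]) if prev == "-o" and "=" in a]
        opts = dict(p.split("=", 1) for p in pairs)
        skips = "no_header_body_checks" in re.split(
            r"[,\s]+", opts.get("receive_override_options", ""))
        limits = re.split(r"[,\s]+", opts.get("smtpd_client_restrictions", ""))
        restricted = "permit_mynetworks" in limits and limits[-1] == "reject"
        loopback = fields[0].startswith(("127.", "localhost:", "[::1]"))
        if not skips:
            report[fields[0]] = "checked"
        elif restricted or loopback:
            report[fields[0]] = "unchecked, clients restricted"
        else:
            report[fields[0]] = "unchecked, open to any client"
    return report

if __name__ == "__main__":
    for service, status in audit(SAMPLE_MASTER_CF).items():
        print(f"{service:20} {status}")
```

A listener reported as "unchecked, open to any client" is the one to tighten, either by binding it to a LAN-only address or by adding a client restriction override.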
 
Old 03-17-2006, 03:46 PM   #11
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Original Poster
Rep: Reputation: 30
thank you

I solved the problem in a similar way.

But instead of changing the port I created another IP (you unite eth1:0).
Both function on port 25 in this way.
 
Old 03-17-2006, 04:46 PM   #12
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
very good, stomach.
 
Old 03-19-2006, 05:51 AM   #13
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Original Poster
Rep: Reputation: 30
Berhanie, my way worked...

The problem is that I made a PREROUTING rule for port 25 of the new IP.

Code:
 
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to 192.168.0.253
But this rule does not function unless I also allow it in INPUT.
Very strange this...

http://www.linuxquestions.org/questi...d.php?t=425993

thanks
 
Old 03-19-2006, 03:23 PM   #14
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Original Poster
Rep: Reputation: 30
http://www.linuxquestions.org/questi...d.php?t=201220

Do you think I can solve the problem using iproute (ip addr)?
 
  

