Loading ...
Sorry, an error occurred while loading the content.

289934Re: Holding Email from Specific Sender

Expand Messages
  • Noel Jones
    Dec 6, 2012
    • 0 Attachment
      On 12/6/2012 5:26 PM, Dan Lists wrote:
      > On Thu, Dec 6, 2012 at 5:09 PM, Noel Jones <njones@...> wrote:
      >> On 12/6/2012 4:29 PM, Dan Lists wrote:
      >>> We relay email for our customers. They had some accounts Phished. I
      >>> wanted to hold email from those users so I could see the spam that was
      >>> going out and requeue the valid email.
      >>>
      >>> In main.cf I have:
      >>>
      >>> smtpd_sender_restrictions =
      >>> check_sender_access hash:$config_directory/sender_domains,
      >>> reject
      >>>
      >>> sender_domains has:
      >>>
      >>> user@... HOLD
      >>> domain.tld OK
      >>>
      >>> What user@... sends email I get:
      >>>
      >>> Dec 6 16:14:26 mailserver postfix/smtpd[47661]: NOQUEUE: hold: RCPT
      >>> from clientserv[12.34.56.78]: <user@...>: Sender address
      >>> triggers HOLD action; from=<user@...> to=<recip@...>
      >>> proto=ESMTP helo=<clientserv>
      >>> Dec 6 16:14:26 mailserver postfix/smtpd[47661]: NOQUEUE: reject: RCPT
      >>> from clientserv[12.34.56.78]: 554 5.7.1 <user@...>: Sender
      >>> address rejected: Access denied; from=<user@...>
      >>> to=<recip@...> proto=ESMTP helo=<clientserv>
      >>>
      >>> What am I doing wrong?
      >>
      >> Just a misconception... HOLD does not immediately freeze the
      >> message, nor does it instruct postfix to accept the message.
      >> Processing continues and a later restriction can still reject the
      >> message.
      >
      > Interesting. It worked when I did something similar in
      > smtpd_client_restrictions.
      >
      > smtpd_client_restrictions =
      > check_client_access hash:$config_directory/client_access
      >
      > client_access:
      > 12.34.56.78 HOLD
      >
      > Is that because the smtpd_client_restrictions does not have reject listed?

      If the message was accepted and placed on hold, then it didn't hit
      any reject rules in any of the smtpd_*_restrictions, nor in
      header/body checks.


      >
      >> Probably the easiest solution here it to create your own HOLD_OK
      >> action so it works as you expect.
      >>
      >> # main.cf
      >> smtpd_restriction_classes =
      >> HOLD_OK
      >>
      >> HOLD_OK =
      >> reject_unauth_destination
      >> check_client_access static:hold
      >> permit
      >
      > We are relaying for them, so I assume I would want to leave out
      > reject_unauth_destinaion.

      Yes, I was assuming it was internal mail.




      -- Noel Jones



      >
      >>
      >> Then, in your sender_domain file,
      >> user@... HOLD_OK
      >> domain.tld OK
      >>
      >>
      >> -- Noel Jones
    • Show all 4 messages in this topic