
Virtual domain and only local domain

  • Pierguido
    Message 1 of 10 , Mar 27, 2007

      Hi all.
      I've set up a mail server with virtual domains and with MySQL.
      Now I'd like to set up a local domain that is able to send mail just to
      the other members of this domain and nothing more (it'll be used mainly
      for internal purposes).
      I've looked at smtpd_recipient_restrictions as suggested in another email,
      but I'm able to make it work.
      Should I use a real local domain present in mydestination, or could I use
      a virtual domain?
      Thank you

      Pier
    • mouss
      Message 2 of 10 , Mar 27, 2007
        Pierguido wrote:
        > -----BEGIN PGP SIGNED MESSAGE-----
        > Hash: SHA1
        >
        > Hi all.
        > I've set a mail server with virtual domains and with mysql.
        > Now i'd like to set up a local domain that is able to send mail just to
        > the other member of this domain and nothing more (it'll be used mainly
        > for internal purpose).
        > I've looked at smtpd_recipient_restrictions as suggest in another email,
        > but i'm able to make it to work.
        >

        smtpd_restriction_classes = local_only

        smtpd_sender_restrictions =
            check_sender_access hash:/etc/postfix/local_only
            check_recipient_restrictions hash:/etc/postfix/local_only

        local_only =
            reject_unauth_destination
            permit_mynetworks
            reject

        # cat /etc/postfix/local_only
        local.example     local_only
        .local.example    local_only
        ...


        > Should i use a real local domain present in mydestination or i could use
        > a virtual domain?
        >

        access restrictions don't care for the domain class.
      • mouss
        Message 3 of 10 , Mar 27, 2007
          mouss wrote:
          > Pierguido wrote:
          >> -----BEGIN PGP SIGNED MESSAGE-----
          >> Hash: SHA1
          >>
          >> Hi all.
          >> I've set a mail server with virtual domains and with mysql.
          >> Now i'd like to set up a local domain that is able to send mail just to
          >> the other member of this domain and nothing more (it'll be used mainly
          >> for internal purpose).
          >> I've looked at smtpd_recipient_restrictions as suggest in another email,
          >> but i'm able to make it to work.
          >>
          >
          > smtpd_restriction_classes = local_only
          >
          > smtpd_sender_restrictions =
          > check_sender_access hash:/etc/postfix/local_only
          > check_recipient_restrictions hash:/etc/postfix/local_only
          read: check_recipient_access.
          >
          > local_only =
          > reject_unauth_destination
          > permit_mynetworks
          > reject
          >
          > # cat /etc/postfix/local_only
          > local.example local_only
          > .local.example local_only
          > ...
          >
          >
          >> Should i use a real local domain present in mydestination or i could use
          >> a virtual domain?
          >>
          >
          > access restrictions don't care for the domain class.
          >
        • Pierguido
          Message 4 of 10 , Mar 28, 2007

            mouss wrote:
            > smtpd_restriction_classes = local_only
            >
            > smtpd_sender_restrictions =
            > check_sender_access hash:/etc/postfix/local_only
            > check_recipient_restrictions hash:/etc/postfix/local_only
            >
            > local_only =
            > reject_unauth_destination
            > permit_mynetworks
            > reject
            >
            > # cat /etc/postfix/local_only
            > local.example local_only
            > .local.example local_only
            > ...
            >
            >
            >> Should i use a real local domain present in mydestination or i could use
            >> a virtual domain?
            >>
            >
            > access restrictions don't care for the domain class.
            >
            I created a local domain local.dom... created a user, set up Postfix, but
            I'm still able to send mail outside.
            It looks like smtpd_restriction_classes is not even considered.
            What can I check?

            Pier
          • mouss
            Message 5 of 10 , Mar 28, 2007
              Pierguido wrote:
              > -----BEGIN PGP SIGNED MESSAGE-----
              > Hash: SHA1
              >
              > mouss wrote:
              >
              >> smtpd_restriction_classes = local_only
              >>
              >> smtpd_sender_restrictions =
              >> check_sender_access hash:/etc/postfix/local_only
              >> check_recipient_restrictions hash:/etc/postfix/local_only
              >>
              >> local_only =
              >> reject_unauth_destination
              >> permit_mynetworks
              >> reject
              >>
              >> # cat /etc/postfix/local_only
              >> local.example local_only
              >> .local.example local_only
              >> ...
              >>
              >>
              >>
              >>> Should i use a real local domain present in mydestination or i could use
              >>> a virtual domain?
              >>>
              >>>
              >> access restrictions don't care for the domain class.
              >>
              >>
              > I created a local domain local.dom...created a user, set up postfix, but
              > i'm still able to send mail outside.
              > It looks like the smtpd_restriction_classes is not even considered.
              > What can i check?
              >

              please send output of 'postconf -n' as well as the content of the
              local_only map.
            • Pierguido
              Message 6 of 10 , Mar 29, 2007

                mouss wrote:
                > please send output of 'postconf -n' as well as the content of the
                > local_only map.

                postconf -n


                alias_maps = hash:/etc/aliases
                append_dot_mydomain = no
                biff = no
                broken_sasl_auth_clients = yes
                config_directory = /etc/postfix
                content_filter = amavis:[127.0.0.1]:10024
                home_mailbox = Maildir/
                inet_interfaces = all
                mailbox_command =
                mailbox_size_limit = 0
                message_size_limit = 15360000
                mydestination = mail.alephweb.com, mail, localhost.localdomain, localhost
                myhostname = mail.alephweb.com
                mynetworks = 127.0.0.0/8, 192.168.30.0/24,
                    192.168.11.0/24, 192.168.20.0/24,
                    192.168.21.0/24,
                    192.168.50.0/24, 192.168.60.0/24,
                    192.168.61.0/24, 192.168.80.0/24,
                    192.168.90.0/24, 192.168.200.0/24 192.168.1.0/24
                myorigin = /etc/mailname
                queue_minfree = 30720000
                receive_override_options = no_address_mappings
                recipient_delimiter = +
                relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
                smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
                smtpd_banner = $myhostname ESMTP $mail_name
                smtpd_data_restrictions = reject_unauth_pipelining, permit
                smtpd_delay_reject = yes
                smtpd_helo_required = yes
                smtpd_helo_restrictions = permit_mynetworks,
                    reject_non_fqdn_hostname, reject_invalid_hostname,
                    permit
                smtpd_recipient_restrictions = permit_mynetworks,
                    reject_unauth_destination, permit_sasl_authenticated,
                    reject_non_fqdn_hostname, reject_non_fqdn_sender,
                    reject_non_fqdn_recipient, reject_unknown_sender_domain,
                    reject_unknown_recipient_domain, reject_invalid_hostname,
                    check_policy_service inet:127.0.0.1:10000,
                    check_policy_service inet:127.0.0.1:60000
                smtpd_restriction_classes = local_only
                smtpd_sasl_auth_enable = yes
                smtpd_sasl_local_domain =
                smtpd_sasl_security_options = noanonymous
                smtpd_sender_restrictions =
                    check_sender_access hash:/etc/postfix/local_only
                    check_recipient_access hash:/etc/postfix/local_only
                    permit_sasl_authenticated, permit_mynetworks,
                    reject_non_fqdn_sender, reject_unknown_sender_domain,
                    permit
                smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
                smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
                smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
                smtpd_use_tls = yes
                virtual_create_maildirsize = yes
                virtual_gid_maps = static:105
                virtual_mailbox_base = /mnt/mail
                virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
                virtual_mailbox_limit = 15360000
                virtual_mailbox_limit_inbox = no
                virtual_mailbox_limit_maps =
                mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
                virtual_mailbox_limit_override = yes
                virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
                virtual_maildir_extended = yes
                virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn
                his diskspace quota, please try again later.
                virtual_minimum_uid = 104
                virtual_overquota_bounce = yes
                virtual_transport = virtual
                virtual_trash_count = yes
                virtual_trash_name = .Trash
                virtual_uid_maps = static:104


                local_only

                ciaula.com local_only


                mail to external domain:

                Mar 29 17:09:49 srv-mail postfix/smtp[26595]: DE76D13E96:
                to=<xxxxxxxx@...>, relay=127.0.0.1[127.0.0.1]:10024,
                delay=0.23, delays=0.03/0/0.01/0.19, dsn=2.6.0, status=sent (250 2.6.0
                Ok, id=21116-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
                0972913E7C)
                Mar 29 17:09:49 srv-mail postfix/qmgr[26549]: DE76D13E96: removed


                Thank you

                Pier
              • mouss
                Message 7 of 10 , Mar 30, 2007
                  Pierguido wrote:
                  > ... postfix/pickup[29423]: ...
                  >

                  Are you testing using sendmail? smtpd_* restrictions apply to mail
                  received via smtp.
                • Pierguido
                  Message 8 of 10 , Mar 30, 2007

                    mouss wrote:
                    > Pierguido wrote:
                    >> ... postfix/pickup[29423]: ...
                    >>
                    >
                    > Are you testing using sendmail? smtpd_* restrictions apply to mail
                    > received via smtp.

                    No, I wasn't... actually I bypass this problem by using a domain that
                    doesn't exist (pippo.local or similar) so that I'm reachable via DNS MX.
                    Anyway, with this I'm sure that even if someone telnets to me, he can't use that
                    domain.
                    But what if I want that domain to be unable to send mail outside?
                    Actually I want a domain that is able to send mail just to other domain
                    members.
                    Is that possible?

                    Pier
                  • mouss
                    Message 9 of 10 , Mar 30, 2007
                      Pierguido wrote:
                      > -----BEGIN PGP SIGNED MESSAGE-----
                      > Hash: SHA1
                      >
                      > mouss wrote:
                      >
                      >> Pierguido wrote:
                      >>
                      >>> ... postfix/pickup[29423]: ...
                      >>>
                      >>>
                      >> Are you testing using sendmail? smtpd_* restrictions apply to mail
                      >> received via smtp.
                      >>
                      >
                      > No i wasn't...


                      According to your logs, the message was received by the sendmail
                      command. There is only one smtpd line, and it corresponds to the after
                      the filter listener, as shown by comparing the message-id:

                      ... postfix/pickup[29423]: 2A6A213EA0 ...
                      ... postfix/cleanup[29529]: 2A6A213EA0 ...
                      message-id=<d05aeabfd4c6804f82c825bc96920dbd@localhost>
                      ... postfix/smtpd[29534]: 420DC13E7C: client=localhost[127.0.0.1]
                      ... postfix/cleanup[29529]: 420DC13E7C:
                      message-id=<d05aeabfd4c6804f82c825bc96920dbd@localhost>

                      Since you are not using sendmail directly, then something is using it on your behalf, such as a webmail client.

                      try from a remote machine using a MUA (thunderbird, eudora, outlook, or whatever).





                      > actually i bypass this problem by using a domain that
                      > don't exist (pippo.local or similar) so that i'm reachable via dns MX.
                      > Anyway with this i'm sure even if someone telnet me, he can't use that
                      > domain.
                      > But what if i want that domain can't send the mail outside?
                      > Actually i want a domain that is able to send mail just to other domain
                      > member.
                      > Is that possible?
                      >

                      This is what the local_only setup is for. But again, this only applies
                      to mail received by Postfix on its SMTP port, and as long as the
                      restrictions are not overridden in master.cf (which should be the case
                      for the after-the-filter listener(s)).
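
The correlation mouss performs by hand in message 9, as an added example (not part of the original thread): it groups Postfix queue IDs by message-id and reports which service first accepted each message, so mail that entered through pickup (the sendmail command) and never passed the smtpd_* restrictions stands out. The sample log is constructed around the lines quoted above; timestamps, the uid, addresses and the second message are assumptions.

```python
import re

# Constructed sample log. The first four lines mirror the excerpt quoted in the
# thread (same queue IDs and message-id); timestamps, uid, addresses and the
# second message are made up for illustration.
SAMPLE_LOG = """\
Mar 30 10:00:01 srv-mail postfix/pickup[29423]: 2A6A213EA0: uid=33 from=<user@local.example>
Mar 30 10:00:01 srv-mail postfix/cleanup[29529]: 2A6A213EA0: message-id=<d05aeabfd4c6804f82c825bc96920dbd@localhost>
Mar 30 10:00:01 srv-mail postfix/smtpd[29534]: 420DC13E7C: client=localhost[127.0.0.1]
Mar 30 10:00:01 srv-mail postfix/cleanup[29529]: 420DC13E7C: message-id=<d05aeabfd4c6804f82c825bc96920dbd@localhost>
Mar 30 10:05:00 srv-mail postfix/smtpd[29600]: connect from pc7.local.example[192.168.30.7]
Mar 30 10:05:00 srv-mail postfix/smtpd[29600]: 5B1F013EA1: client=pc7.local.example[192.168.30.7]
Mar 30 10:05:00 srv-mail postfix/cleanup[29601]: 5B1F013EA1: message-id=<constructed-1@pc7.local.example>
Mar 30 10:05:01 srv-mail postfix/smtpd[29610]: 6C2A113E7D: client=localhost[127.0.0.1]
Mar 30 10:05:01 srv-mail postfix/cleanup[29601]: 6C2A113E7D: message-id=<constructed-1@pc7.local.example>
"""

# Matches "postfix/<service>[pid]: <QUEUEID>: <rest>". Lines without a queue ID
# (connect/disconnect, NOQUEUE rejects) do not match and are skipped.
# Assumes the default short, uppercase-hex queue IDs.
LINE = re.compile(
    r"postfix/(?P<svc>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)"
)


def entry_points(log_text):
    """Map each message-id to (service, queue_id) of the hop that first accepted it."""
    accepted_by = {}  # queue ID -> service that created the queue file
    first_hop = {}    # message-id -> (service, queue ID); first sighting wins
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        svc, qid, rest = m.group("svc", "qid", "rest")
        if svc in ("pickup", "smtpd"):
            accepted_by.setdefault(qid, svc)
        elif svc == "cleanup" and rest.startswith("message-id="):
            msgid = rest[len("message-id="):]
            # Later queue IDs with the same message-id are re-injections,
            # e.g. the after-the-filter listener on 127.0.0.1.
            if msgid not in first_hop and qid in accepted_by:
                first_hop[msgid] = (accepted_by[qid], qid)
    return first_hop


def bypassed_smtpd(log_text):
    """Message-ids whose first hop was pickup, so no smtpd_* restriction ran."""
    hops = entry_points(log_text)
    return sorted(mid for mid, (svc, _) in hops.items() if svc == "pickup")


if __name__ == "__main__":
    for msgid, (svc, qid) in entry_points(SAMPLE_LOG).items():
        # For smtpd, the restrictions apply unless overridden in master.cf.
        note = "smtpd_* restrictions not evaluated" if svc == "pickup" \
            else "subject to smtpd_* restrictions"
        print(f"{msgid}: first accepted by {svc} as {qid} ({note})")
```
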
                    • mouss
                      Message 10 of 10 , Apr 2 2:02 AM
                        Pierguido wrote:
                        > -----BEGIN PGP SIGNED MESSAGE-----
                        > Hash: SHA1
                        >
                        > mouss wrote:
                        >
                        >> According to your logs, the message was received by the sendmail
                        >> command. There is only one smtpd line, and it corresponds to the after
                        >> the filter listener, as shown by comparing the message-id:
                        >>
                        >> ... postfix/pickup[29423]: 2A6A213EA0 ...
                        >> ... postfix/cleanup[29529]: 2A6A213EA0 ...
                        >> message-id=<d05aeabfd4c6804f82c825bc96920dbd@localhost>
                        >> ... postfix/smtpd[29534]: 420DC13E7C: client=localhost[127.0.0.1]
                        >> ... postfix/cleanup[29529]: 420DC13E7C:
                        >> message-id=<d05aeabfd4c6804f82c825bc96920dbd@localhost>
                        >>
                        >> Since you are not using sendmail directly, then something is using it on
                        >> your behalf, such as a webmail client.
                        >> try from a remote machine using a MUA (thunderbird, eudora, outlook, or
                        >> whatever).
                        >>
                        > Yes...with a mua (thunderbird) it works...now i understood...i just have
                        > to forbit to use the webmail and force using a mua for the internal mail.
                        > Thank you very much.
                        >

                        see if the webmail software can use smtp instead of running sendmail.