Loading ...
Sorry, an error occurred while loading the content.

access

Expand Messages
  • okahei@gmail.com
    Hello I want to HOLD mail from an expecific user, well what i have done is put in main.cf a line like this : smtpd_client_restrictions = check_client_access
    Message 1 of 12 , Sep 14, 2008
    • 0 Attachment
      Hello

      I want to HOLD mail from an expecific user, well what i have done is
      put in main.cf a line like this :

      smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access

      and my client_access file :

      user@... REJECT
      user1@... HOLD

      But nothing happens when i send an email from thunderbird, the email
      from both user or user1 gets deliver to the destination.

      Postfix is configured with virtual domains, and the users that we want
      to HOLD/REJECT belongs to one of those virtual domains.

      It seems that aacess file is being ignored.

      regards.

      PD: yes i did postmap client_access
    • mouss
      ... a client is an IP or a hostname. you want check_sender_access.
      Message 2 of 12 , Sep 14, 2008
      • 0 Attachment
        okahei@... wrote:
        > Hello
        >
        > I want to HOLD mail from an expecific user, well what i have done is
        > put in main.cf a line like this :
        >
        > smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access
        >
        > and my client_access file :
        >
        > user@... REJECT
        > user1@... HOLD
        >

        a client is an IP or a hostname. you want check_sender_access.

        > But nothing happens when i send an email from thunderbird, the email
        > from both user or user1 gets deliver to the destination.
        >
        > Postfix is configured with virtual domains, and the users that we want
        > to HOLD/REJECT belongs to one of those virtual domains.
        >
        > It seems that aacess file is being ignored.
        >
        > regards.
        >
        > PD: yes i did postmap client_access
      • Ralf Hildebrandt
        ... Use check_SENDER_access -- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) snickebo@charite.de Postfix - Einrichtung, Betrieb und Wartung
        Message 3 of 12 , Sep 14, 2008
        • 0 Attachment
          * okahei@... <okahei@...>:
          > Hello
          >
          > I want to HOLD mail from an expecific user, well what i have done is
          > put in main.cf a line like this :
          >
          > smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access

          Use "check_SENDER_access"

          --
          Ralf Hildebrandt (Ralf.Hildebrandt@...) snickebo@...
          Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
          http://www.arschkrebs.de I'm looking for a job
          "Usenet is like a herd of performing elephants with diarrhea; massive,
          difficult to redirect, awe-inspiring, entertaining, and a source of
          mind-boggling amounts of excrement when you least expect it."
          - Eugene Spafford.
        • don magnify
          hi all.... i have a machine heavily hit with a bunch of from= messages... i read around and implemented the access solution as in: /etc/postfix/main.cf
          Message 4 of 12 , Dec 11, 2013
          • 0 Attachment


            hi all....

            i have a machine heavily hit with a bunch of from=<> messages...

            i read around and implemented the access solution as in:

            /etc/postfix/main.cf:
                       smtpd_client_restrictions =
                           check_client_access hash:/etc/postfix/access
            
                   /etc/postfix/access:
                       1.2.3   REJECT
                       1.2.3.4 OK

            my /etc/postfix/access looks like:

            .eigbox.net                     DISCARD
            .yourhostingaccount.com         DISCARD
            
            
            and did the postmap command

            how do i know it's working? i still get lots of these in my maillog:

            Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: 0495F4352D: client=mail-yh0-f43.google.com[209.85.213.43]
            Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: connect from mail-qc0-f175.google.com[209.85.216.175]
            Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[14901]: 0495F4352D: message-id=<E1Vqr1u-0000Kr-8U@...>
            Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 0495F4352D: from=<>, size=3277, nrcpt=1 (queue active)
            Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: disconnect from mail-yh0-f43.google.com[209.85.213.43]
            Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: 1A8B34355B: client=mail-qc0-f175.google.com[209.85.216.175]
            Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[9395]: 1A8B34355B: message-id=<E1VqlGm-0005Pe-LV@...>
            Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 1A8B34355B: from=<>, size=3280, nrcpt=1 (queue active)
            Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: disconnect from mail-qc0-f175.google.com[209.85.216.175]
            Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[1060]: connect from mail-qc0-f176.google.com[209.85.216.176]
            


            my queue is growing very big and can't really figure out  how do i drop this connections and do not reply to them at all...

            thanks...

          • Wietse Venema
            ... See: http://www.postfix.org/BACKSCATTER_README.html Wietse
            Message 5 of 12 , Dec 11, 2013
            • 0 Attachment
              don magnify:
              > i have a machine heavily hit with a bunch of from=<> messages...
              ...
              > my queue is growing very big and can't really figure out how do i drop
              > this connections and do not reply to them at all...

              See:
              http://www.postfix.org/BACKSCATTER_README.html

              Wietse
            • Paul C
              If its a small number of ip addresses trying to connect you might also want to just block them with iptables too: iptables -I INPUT -s 209.85.216.175 -j DROP
              Message 6 of 12 , Dec 11, 2013
              • 0 Attachment
                If its a small number of ip addresses trying to connect you might also
                want to just block them with iptables too:

                iptables -I INPUT -s 209.85.216.175 -j DROP
                iptables -I INPUT -s 209.85.216.176 -j DROP

                That line for each ip, then restart iptables



                On Wed, Dec 11, 2013 at 5:52 PM, don magnify <magnuscelzious@...> wrote:
                >
                >
                > hi all....
                >
                > i have a machine heavily hit with a bunch of from=<> messages...
                >
                > i read around and implemented the access solution as in:
                >
                > /etc/postfix/main.cf:
                > smtpd_client_restrictions =
                > check_client_access hash:/etc/postfix/access
                >
                > /etc/postfix/access:
                > 1.2.3 REJECT
                > 1.2.3.4 OK
                >
                >
                > my /etc/postfix/access looks like:
                >
                >
                > .eigbox.net DISCARD
                > .yourhostingaccount.com DISCARD
                >
                > and did the postmap command
                >
                >
                > how do i know it's working? i still get lots of these in my maillog:
                >
                >
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: 0495F4352D:
                > client=mail-yh0-f43.google.com[209.85.213.43]
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: connect from
                > mail-qc0-f175.google.com[209.85.216.175]
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[14901]: 0495F4352D:
                > message-id=<E1Vqr1u-0000Kr-8U@...>
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 0495F4352D: from=<>,
                > size=3277, nrcpt=1 (queue active)
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: disconnect from
                > mail-yh0-f43.google.com[209.85.213.43]
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: 1A8B34355B:
                > client=mail-qc0-f175.google.com[209.85.216.175]
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[9395]: 1A8B34355B:
                > message-id=<E1VqlGm-0005Pe-LV@...>
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 1A8B34355B: from=<>,
                > size=3280, nrcpt=1 (queue active)
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: disconnect from
                > mail-qc0-f175.google.com[209.85.216.175]
                > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[1060]: connect from
                > mail-qc0-f176.google.com[209.85.216.176]
                >
                >
                >
                > my queue is growing very big and can't really figure out how do i drop this
                > connections and do not reply to them at all...
                >
                > thanks...
                >
              • don magnify
                thanks wietse.. i saw that earlier i was just hoping to avoid writing regular expressions...
                Message 7 of 12 , Dec 11, 2013
                • 0 Attachment
                  thanks wietse..   i saw that earlier i was just hoping to avoid writing regular expressions...


                  On Wed, Dec 11, 2013 at 6:02 PM, Wietse Venema <wietse@...> wrote:
                  don magnify:
                  > i have a machine heavily hit with a bunch of from=<> messages...
                  ...
                  > my queue is growing very big and can't really figure out  how do i drop
                  > this connections and do not reply to them at all...

                  See:
                  http://www.postfix.org/BACKSCATTER_README.html

                          Wietse

                • Viktor Dukhovni
                  ... Perhaps you re a victim of the dreaded p_d_m_s: http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains Set it empty. -- Viktor.
                  Message 8 of 12 , Dec 11, 2013
                  • 0 Attachment
                    On Wed, Dec 11, 2013 at 05:52:44PM -0500, don magnify wrote:

                    > my /etc/postfix/access looks like:
                    >
                    > .eigbox.net DISCARD
                    > .yourhostingaccount.com DISCARD

                    Perhaps you're a victim of the dreaded p_d_m_s:

                    http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

                    Set it empty.

                    --
                    Viktor.
                  • Noel Jones
                    ... [Please post in plain text only - the HTML markup makes the logs difficult to read] For non-delivery notices, the BACKSCATTER_README is helpful.
                    Message 9 of 12 , Dec 11, 2013
                    • 0 Attachment
                      On 12/11/2013 4:52 PM, don magnify wrote:
                      >
                      >
                      > hi all....
                      >
                      > i have a machine heavily hit with a bunch of from=<> messages...

                      [Please post in plain text only - the HTML markup makes the logs
                      difficult to read]


                      For non-delivery notices, the BACKSCATTER_README is helpful.
                      http://www.postfix.org/BACKSCATTER_README.html


                      >
                      > i read around and implemented the access solution as in:
                      >
                      > /etc/postfix/main.cf <http://www.postfix.org/postconf.5.html>:
                      > smtpd_client_restrictions <http://www.postfix.org/postconf.5.html#smtpd_client_restrictions> =
                      > check_client_access <http://www.postfix.org/postconf.5.html#check_client_access> hash <http://www.postfix.org/DATABASE_README.html#types>:/etc/postfix/access
                      >
                      > /etc/postfix/access:
                      > 1.2.3 REJECT
                      > 1.2.3.4 OK
                      >
                      >
                      > my /etc/postfix/access looks like:
                      >
                      >
                      > .eigbox.net <http://eigbox.net> DISCARD
                      > .yourhostingaccount.com <http://yourhostingaccount.com> DISCARD
                      >
                      > and did the postmap command
                      >
                      >
                      > how do i know it's working? i still get lots of these in my maillog:
                      >
                      >
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: 0495F4352D: client=mail-yh0-f43.google.com <http://mail-yh0-f43.google.com>[209.85.213.43]
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: connect from mail-qc0-f175.google.com <http://mail-qc0-f175.google.com>[209.85.216.175]
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[14901]: 0495F4352D: message-id=<E1Vqr1u-0000Kr-8U@... <mailto:E1Vqr1u-0000Kr-8U@...>>
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 0495F4352D: from=<>, size=3277, nrcpt=1 (queue active)
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: disconnect from mail-yh0-f43.google.com <http://mail-yh0-f43.google.com>[209.85.213.43]
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: 1A8B34355B: client=mail-qc0-f175.google.com <http://mail-qc0-f175.google.com>[209.85.216.175]
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[9395]: 1A8B34355B: message-id=<E1VqlGm-0005Pe-LV@... <mailto:E1VqlGm-0005Pe-LV@...>>
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 1A8B34355B: from=<>, size=3280, nrcpt=1 (queue active)
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: disconnect from mail-qc0-f175.google.com <http://mail-qc0-f175.google.com>[209.85.216.175]
                      > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[1060]: connect from mail-qc0-f176.google.com <http://mail-qc0-f176.google.com>[209.85.216.176]
                      >

                      Assuming the above is not obfuscated, it's probably not working.

                      - The check_client_access checks the information logged by postfix
                      as "smtpd[...]: connect from CLIENTHOSTNAME[CLIENTIP]"
                      In the above examples, it's mail-...google.com

                      - Never DISCARD mail if you can get rid of it with a REJECT. Using
                      DISCARD intentionally breaks the principal that mail shouldn't
                      disappear into a black hole -- don't use DISCARD unless REJECT is
                      somehow ineffective.

                      - Default postfix settings assume access files without a leading
                      dot, ie:
                      eigbox.net REJECT
                      yourhostingaccount.com REJECT
                      http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

                      And finally, it appears you're trying to block based on the
                      Message-ID: logged by postfix. I don't know if that will be
                      effective or not, but header_checks is the tool:
                      http://www.postfix.org/header_checks.5.html
                      a simple example:
                      # main.cf
                      header_checks = regexp:/etc/postfix/header_checks

                      # /etc/postfix/header_checks
                      IF /^Message-ID: /
                      /\.eigbox\.net/ REJECT
                      /\.yourhostingaccount\.com/ REJECT
                      ENDIF


                      If you need more help, please see:
                      http://www.postfix.org/DEBUG_README.html#mail


                      -- Noel Jones
                    • don magnify
                      thanks noel...
                      Message 10 of 12 , Dec 11, 2013
                      • 0 Attachment
                        thanks noel...


                        On Wed, Dec 11, 2013 at 6:20 PM, Noel Jones <njones@...> wrote:
                        On 12/11/2013 4:52 PM, don magnify wrote:
                        >
                        >
                        > hi all....
                        >
                        > i have a machine heavily hit with a bunch of from=<> messages...

                        [Please post in plain text only - the HTML markup makes the logs
                        difficult to read]


                        For non-delivery notices, the BACKSCATTER_README is helpful.
                        http://www.postfix.org/BACKSCATTER_README.html


                        >
                        > i read around and implemented the access solution as in:
                        >
                        > /etc/postfix/main.cf <http://www.postfix.org/postconf.5.html>:
                        >            smtpd_client_restrictions <http://www.postfix.org/postconf.5.html#smtpd_client_restrictions> =
                        >                check_client_access <http://www.postfix.org/postconf.5.html#check_client_access> hash <http://www.postfix.org/DATABASE_README.html#types>:/etc/postfix/access
                        >
                        >        /etc/postfix/access:
                        >            1.2.3   REJECT
                        >            1.2.3.4 OK
                        >
                        >
                        > my /etc/postfix/access looks like:
                        >
                        >
                        > .eigbox.net <http://eigbox.net>                     DISCARD
                        > .yourhostingaccount.com <http://yourhostingaccount.com>         DISCARD
                        >
                        > and did the postmap command
                        >
                        >
                        > how do i know it's working? i still get lots of these in my maillog:
                        >
                        >
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: 0495F4352D: client=mail-yh0-f43.google.com <http://mail-yh0-f43.google.com>[209.85.213.43]
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: connect from mail-qc0-f175.google.com <http://mail-qc0-f175.google.com>[209.85.216.175]
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[14901]: 0495F4352D: message-id=<E1Vqr1u-0000Kr-8U@... <mailto:E1Vqr1u-0000Kr-8U@...>>
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 0495F4352D: from=<>, size=3277, nrcpt=1 (queue active)
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: disconnect from mail-yh0-f43.google.com <http://mail-yh0-f43.google.com>[209.85.213.43]
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: 1A8B34355B: client=mail-qc0-f175.google.com <http://mail-qc0-f175.google.com>[209.85.216.175]
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[9395]: 1A8B34355B: message-id=<E1VqlGm-0005Pe-LV@... <mailto:E1VqlGm-0005Pe-LV@...>>
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 1A8B34355B: from=<>, size=3280, nrcpt=1 (queue active)
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: disconnect from mail-qc0-f175.google.com <http://mail-qc0-f175.google.com>[209.85.216.175]
                        > Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[1060]: connect from mail-qc0-f176.google.com <http://mail-qc0-f176.google.com>[209.85.216.176]
                        >

                        Assuming the above is not obfuscated, it's probably not working.

                        - The check_client_access checks the information logged by postfix
                        as "smtpd[...]: connect from CLIENTHOSTNAME[CLIENTIP]"
                        In the above examples, it's mail-...google.com

                        - Never DISCARD mail if you can get rid of it with a REJECT. Using
                        DISCARD intentionally breaks the principal that mail shouldn't
                        disappear into a black hole -- don't use DISCARD unless REJECT is
                        somehow ineffective.

                        - Default postfix settings assume access files without a leading
                        dot, ie:
                        eigbox.net  REJECT
                        yourhostingaccount.com  REJECT
                        http://www.postfix.org/postconf.5.html#parent_domain_matches_subdomains

                        And finally, it appears you're trying to block based on the
                        Message-ID: logged by postfix. I don't know if that will be
                        effective or not, but header_checks is the tool:
                        http://www.postfix.org/header_checks.5.html
                        a simple example:
                        # main.cf
                        header_checks = regexp:/etc/postfix/header_checks

                        # /etc/postfix/header_checks
                        IF /^Message-ID: /
                        /\.eigbox\.net/  REJECT
                        /\.yourhostingaccount\.com/  REJECT
                        ENDIF


                        If you need more help, please see:
                        http://www.postfix.org/DEBUG_README.html#mail


                          -- Noel Jones

                      • Regan Yelcich
                        Re: blocking with iptables try this script it works a treat - see my notes at the bottom of the page for minor fixes:
                        Message 11 of 12 , Dec 11, 2013
                        • 0 Attachment
                          Re: blocking with iptables try this script it works a treat - see my notes at the bottom of the page for minor fixes:


                          On 12/12/2013, at 11:52 am, don magnify <magnuscelzious@...> wrote:



                          hi all....

                          i have a machine heavily hit with a bunch of from=<> messages...

                          i read around and implemented the access solution as in:

                          /etc/postfix/main.cf:
                                     smtpd_client_restrictions =
                                         check_client_access hash:/etc/postfix/access
                          
                                 /etc/postfix/access:
                                     1.2.3   REJECT
                                     1.2.3.4 OK

                          my /etc/postfix/access looks like:

                          .eigbox.net                     DISCARD
                          .yourhostingaccount.com         DISCARD
                          
                          
                          and did the postmap command

                          how do i know it's working? i still get lots of these in my maillog:

                          Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: 0495F4352D: client=mail-yh0-f43.google.com[209.85.213.43]
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: connect from mail-qc0-f175.google.com[209.85.216.175]
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[14901]: 0495F4352D: message-id=<E1Vqr1u-0000Kr-8U@...>
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 0495F4352D: from=<>, size=3277, nrcpt=1 (queue active)
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[23960]: disconnect from mail-yh0-f43.google.com[209.85.213.43]
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: 1A8B34355B: client=mail-qc0-f175.google.com[209.85.216.175]
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/cleanup[9395]: 1A8B34355B: message-id=<E1VqlGm-0005Pe-LV@...>
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/qmgr[12941]: 1A8B34355B: from=<>, size=3280, nrcpt=1 (queue active)
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[7889]: disconnect from mail-qc0-f175.google.com[209.85.216.175]
                          Dec 11 17:52:11 ip-10-114-59-124 postfix/smtpd[1060]: connect from mail-qc0-f176.google.com[209.85.216.176]
                          


                          my queue is growing very big and can't really figure out  how do i drop this connections and do not reply to them at all...

                          thanks...

                        • Benny Pedersen
                          ... post postconf -n my guess is that you use smtp auth to your google account and the recipient does not exists, then google bounce since it authed mail
                          Message 12 of 12 , Dec 11, 2013
                          • 0 Attachment
                            don magnify skrev den 2013-12-11 23:52:

                            > i have a machine heavily hit with a bunch of from=<> messages...

                            post postconf -n

                            my guess is that you use smtp auth to your google account and the
                            recipient does not exists, then google bounce since it authed mail
                            sender :)

                            only a wild guess
                          Your message has been successfully submitted and would be delivered to recipients shortly.