Loading ...
Sorry, an error occurred while loading the content.

Re: check_client_access

Expand Messages
  • mouss
    ... depends on what the prize is :) ... so the sender is . see below. ... From http://www.postfix.org/access.5.html in the EMAIL ADDRESS PATTERNS section,
    Message 1 of 17 , Feb 1, 2009
    • 0 Attachment
      Rocco Scappatura a écrit :
      > Mouss,
      >
      >>> [snip]
      >>>
      >>> :-D
      >>>
      >>> [snip]
      >> dogs ate logs?
      >>
      >
      > Very cool from you.. as usual!
      >
      > You have won a prize.. :-) <-- Is it ok so? ;-)
      >

      depends on what the prize is :)


      >> - show logs that prove what you claimed
      >
      > Feb 1 06:02:50 av5 postfix/smtpd[32172]: NOQUEUE: reject: RCPT from
      > unknown[83.103.67.197]: 550 5.1.1 <staff@...: Recipient address
      > rejected: undeliverable address: host
      > srvmailvb.domain.intranet[10.36.20.100] said: 550 5.1.1 User unknown (in
      > reply to RCPT TO command); from=<> to=<staff@...> proto=ESMTP
      > helo=<clus2.istge.it>
      >

      so the sender is "<>". see below.

      >> - show 'postmap -q' results (for all the keys that postfix uses. see the
      >> man page of access for the lookup order).
      >
      > Cound you instruct me about the order postfix applies the restrictions
      > (you can see "postconf" output in my previous email.. Thanks.)
      >

      From
      http://www.postfix.org/access.5.html
      in the EMAIL ADDRESS PATTERNS section, the order is:
      user@domain
      domain.tld
      user@


      so you would do
      # postmap -q joe@... proxy:mysql:/....
      # postmap -q domain.example proxy:mysql:/....
      # postmap -q joe@ proxy:mysql:/....

      > Anyway,
      >
      > # postmap -q staff@...
      > proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
      > REJECT
      >
      >> you also need to make your mind: the subject contains
      >> "check_client_access". your question was about "check_sender_access",
      >
      > OK. Sorry I have wrong my subject..
      >
      >> and your explanation was about a "receiver". That's 3 different things...
      >
      > So.. What I have to do to block a message based on the receiver?
      >

      check_recipient_access.

      >> PS. it would be safer to put your check_sender_access in
      >> smtpd_sender_restrictions so that an error in your sql query doesn't
      >> make you an open relay.
      >
      > Why is safer? Could have any side effect in my configuration? Thanks.
      >

      it's ok if you don't return "OK" in your map (Annie, are you OK?). but
      one day, you'll be tired and you'll add an entry to your map...

      this is why it is generally safer to put check_*_access after
      reject_unauth_destination in smtpd_recipient_restrictions, or to put
      them in other restrictions (latter if you want them to apply to both
      inbound and outbound mail).
    • Rocco Scappatura
      Mouss, ... This is the restictions in my main.cf file: smtpd_client_restrictions = check_client_access
      Message 2 of 17 , Feb 1, 2009
      • 0 Attachment
        Mouss,

        >>> and your explanation was about a "receiver". That's 3 different
        >>> things...
        >>
        >> So.. What I have to do to block a message based on the receiver?
        >>
        >
        > check_recipient_access.
        >
        >>> PS. it would be safer to put your check_sender_access in
        >>> smtpd_sender_restrictions so that an error in your sql query doesn't
        >>> make you an open relay.
        >>
        >> Why is safer? Could have any side effect in my configuration? Thanks.
        >>
        >
        > it's ok if you don't return "OK" in your map (Annie, are you OK?). but
        > one day, you'll be tired and you'll add an entry to your map...
        >
        > this is why it is generally safer to put check_*_access after
        > reject_unauth_destination in smtpd_recipient_restrictions, or to put
        > them in other restrictions (latter if you want them to apply to both
        > inbound and outbound mail).

        This is the restictions in my main.cf file:

        smtpd_client_restrictions =
        check_client_access
        proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf

        smtpd_helo_restrictions =
        smtpd_sender_restrictions =

        smtpd_recipient_restrictions =
        check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
        check_recipient_access
        proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
        check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
        permit_mynetworks
        permit_sasl_authenticated
        check_policy_service inet:127.0.0.1:54000
        reject_unauth_destination
        .
        .
        .

        How do I have to modify it so that I could block an email address either
        if is the sender or one of the recipients, AND either if the message is
        incoming or outgoing?

        Maybe so (assuming that the action will never be "OK")...

        smtpd_client_restrictions =
        check_client_access
        proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf

        smtpd_helo_restrictions =
        smtpd_sender_restrictions =
        check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
        check_recipient_access
        proxy:mysql:/etc/postfix/mysql-check-sender-access.cf

        smtpd_recipient_restrictions =
        check_recipient_access
        proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
        check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
        permit_mynetworks
        permit_sasl_authenticated
        check_policy_service inet:127.0.0.1:54000
        reject_unauth_destination
        .
        .
        .

        Or you have another configuration to propose the is safer?

        rocsca
      • mouss
        ... this one is already in smtpd_sender_restrictions, so just remove it ... what s this for? it s already in smtpd_client_restrictions, so you may or may not
        Message 3 of 17 , Feb 1, 2009
        • 0 Attachment
          Rocco Scappatura a écrit :
          >
          >
          > Mouss,
          >
          >>>> and your explanation was about a "receiver". That's 3 different
          >>>> things...
          >>> So.. What I have to do to block a message based on the receiver?
          >>>
          >> check_recipient_access.
          >>
          >>>> PS. it would be safer to put your check_sender_access in
          >>>> smtpd_sender_restrictions so that an error in your sql query doesn't
          >>>> make you an open relay.
          >>> Why is safer? Could have any side effect in my configuration? Thanks.
          >>>
          >> it's ok if you don't return "OK" in your map (Annie, are you OK?). but
          >> one day, you'll be tired and you'll add an entry to your map...
          >>
          >> this is why it is generally safer to put check_*_access after
          >> reject_unauth_destination in smtpd_recipient_restrictions, or to put
          >> them in other restrictions (latter if you want them to apply to both
          >> inbound and outbound mail).
          >
          > This is the restictions in my main.cf file:
          >
          > smtpd_client_restrictions =
          > check_client_access
          > proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
          >
          > smtpd_helo_restrictions =
          > smtpd_sender_restrictions =
          >
          > smtpd_recipient_restrictions =
          > check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
          > check_recipient_access
          > proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
          > check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
          > permit_mynetworks
          > permit_sasl_authenticated
          > check_policy_service inet:127.0.0.1:54000
          > reject_unauth_destination
          > .
          > .
          > .
          >
          > How do I have to modify it so that I could block an email address either
          > if is the sender or one of the recipients, AND either if the message is
          > incoming or outgoing?
          >
          > Maybe so (assuming that the action will never be "OK")...
          >
          > smtpd_client_restrictions =
          > check_client_access
          > proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
          >
          > smtpd_helo_restrictions =
          > smtpd_sender_restrictions =
          > check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
          > check_recipient_access
          > proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
          >
          > smtpd_recipient_restrictions =
          > check_recipient_access
          > proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf

          this one is already in smtpd_sender_restrictions, so just remove it

          > check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf

          what's this for? it's already in smtpd_client_restrictions, so you may
          or may not need it here.


          > permit_mynetworks
          > permit_sasl_authenticated
          > check_policy_service inet:127.0.0.1:54000

          what's this for? you probably want to put this after
          reject_unauth_destination.

          remember: reject_unauth_destination is what prevents open relay. so
          avoid putting a lot of stuff before it, because you increase the risks.

          and reject_unauth_destination is a very safe a very cheap check, so it's
          good to have it as soon as possible.

          > reject_unauth_destination
          > .
          > .
          > .
          >
          > Or you have another configuration to propose the is safer?
          >

          see above.

          as a general "rule of thumb", put anti-spam checks (I'm talking about
          inbound spam. outbound spam is a different subject) after
          reject_unauth_destination, and put "general restrictions" (that also
          apply to your users) in one of smtpd_(client|helo|sender)_restrictions.
        • Rocco Scappatura
          ... I can t remove it because this lookup return reject_unverified_address for the domains that I maintain but for wich I have no a list of valid recipient:
          Message 4 of 17 , Feb 1, 2009
          • 0 Attachment
            >> How do I have to modify it so that I could block an email address either
            >> if is the sender or one of the recipients, AND either if the message is
            >> incoming or outgoing?
            >>
            >> Maybe so (assuming that the action will never be "OK")...
            >>
            >> smtpd_client_restrictions =
            >> check_client_access
            >> proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
            >>
            >> smtpd_helo_restrictions =
            >> smtpd_sender_restrictions =
            >> check_sender_access
            >> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
            >> check_recipient_access
            >> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
            >>
            >> smtpd_recipient_restrictions =
            >> check_recipient_access
            >> proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
            >
            > this one is already in smtpd_sender_restrictions, so just remove it
            >

            I can't remove it because this lookup return "reject_unverified_address"
            for the domains that I maintain but for wich I have no a list of valid
            recipient:

            query = select restriction from domain where domain='%s'

            maybe could I put both lookups in smtpd_sender_restrictions?

            check_recipient_access
            proxy:mysql:/etc/postfix/mysql-check-sender-access.cf,
            proxy:mysql:/etc/postfix/mysql-check-sender-access.cf

            is it ok?

            >> check_client_access
            >> proxy:mysql:/etc/postfix/mysql-check-client-access.cf
            >
            > what's this for? it's already in smtpd_client_restrictions, so you may
            > or may not need it here.

            It integrate mynetworks (i.e.: return "OK" id an IP is enabled to relay
            trhough my SMTP gateway). I need it.

            >
            >> permit_mynetworks
            >> permit_sasl_authenticated
            >> check_policy_service inet:127.0.0.1:54000
            >
            > what's this for? you probably want to put this after
            > reject_unauth_destination.

            postgrey

            >
            > remember: reject_unauth_destination is what prevents open relay. so
            > avoid putting a lot of stuff before it, because you increase the risks.
            >
            > and reject_unauth_destination is a very safe a very cheap check, so it's
            > good to have it as soon as possible.
            >
            >> reject_unauth_destination
            >> .
            >> .
            >> .
            >>
            >> Or you have another configuration to propose the is safer?
            >>
            >
            > see above.
            >
            > as a general "rule of thumb", put anti-spam checks (I'm talking about
            > inbound spam. outbound spam is a different subject) after
            > reject_unauth_destination, and put "general restrictions" (that also
            > apply to your users) in one of smtpd_(client|helo|sender)_restrictions.

            thanks,

            rocsca
          • Rocco Scappatura
            Sorry, ... I m saying: check_recipient_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf, proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
            Message 5 of 17 , Feb 1, 2009
            • 0 Attachment
              Sorry,

              >>> How do I have to modify it so that I could block an email address
              >>> either
              >>> if is the sender or one of the recipients, AND either if the message is
              >>> incoming or outgoing?
              >>>
              >>> Maybe so (assuming that the action will never be "OK")...
              >>>
              >>> smtpd_client_restrictions =
              >>> check_client_access
              >>> proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
              >>>
              >>> smtpd_helo_restrictions =
              >>> smtpd_sender_restrictions =
              >>> check_sender_access
              >>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
              >>> check_recipient_access
              >>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
              >>>
              >>> smtpd_recipient_restrictions =
              >>> check_recipient_access
              >>> proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
              >>
              >> this one is already in smtpd_sender_restrictions, so just remove it
              >>
              >
              > I can't remove it because this lookup return "reject_unverified_address"
              > for the domains that I maintain but for wich I have no a list of valid
              > recipient:
              >
              > query = select restriction from domain where domain='%s'
              >
              > maybe could I put both lookups in smtpd_sender_restrictions?
              >
              > check_recipient_access
              > proxy:mysql:/etc/postfix/mysql-check-sender-access.cf,
              > proxy:mysql:/etc/postfix/mysql-check-sender-access.cf

              I'm saying:

              check_recipient_access
              proxy:mysql:/etc/postfix/mysql-check-sender-access.cf,
              proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf

              >
              > is it ok?
              >
              >>> check_client_access
              >>> proxy:mysql:/etc/postfix/mysql-check-client-access.cf
              >>
              >> what's this for? it's already in smtpd_client_restrictions, so you may
              >> or may not need it here.
              >
              > It integrate mynetworks (i.e.: return "OK" id an IP is enabled to relay
              > trhough my SMTP gateway). I need it.
              >
              >>
              >>> permit_mynetworks
              >>> permit_sasl_authenticated
              >>> check_policy_service inet:127.0.0.1:54000
              >>
              >> what's this for? you probably want to put this after
              >> reject_unauth_destination.
              >
              > postgrey
              >
              >>
              >> remember: reject_unauth_destination is what prevents open relay. so
              >> avoid putting a lot of stuff before it, because you increase the risks.
              >>
              >> and reject_unauth_destination is a very safe a very cheap check, so it's
              >> good to have it as soon as possible.
              >>
              >>> reject_unauth_destination
              >>> .
              >>> .
              >>> .
              >>>
              >>> Or you have another configuration to propose the is safer?
              >>>
              >>
              >> see above.
              >>
              >> as a general "rule of thumb", put anti-spam checks (I'm talking about
              >> inbound spam. outbound spam is a different subject) after
              >> reject_unauth_destination, and put "general restrictions" (that also
              >> apply to your users) in one of smtpd_(client|helo|sender)_restrictions.
              >
              > thanks,
              >
              > rocsca
              >
              >
            • mouss
              ... sorry, I didn t notice that it was a different map. ... yes. ... check_foo_access checks only one map. so you need to do it like this:
              Message 6 of 17 , Feb 1, 2009
              • 0 Attachment
                Rocco Scappatura a écrit :
                >
                > Sorry,
                >
                >>>> How do I have to modify it so that I could block an email address
                >>>> either
                >>>> if is the sender or one of the recipients, AND either if the message is
                >>>> incoming or outgoing?
                >>>>
                >>>> Maybe so (assuming that the action will never be "OK")...
                >>>>
                >>>> smtpd_client_restrictions =
                >>>> check_client_access
                >>>> proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
                >>>>
                >>>> smtpd_helo_restrictions =
                >>>> smtpd_sender_restrictions =
                >>>> check_sender_access
                >>>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                >>>> check_recipient_access
                >>>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                >>>>
                >>>> smtpd_recipient_restrictions =
                >>>> check_recipient_access
                >>>> proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
                >>> this one is already in smtpd_sender_restrictions, so just remove it
                >>>
                >> I can't remove it

                sorry, I didn't notice that it was a different map.

                > because this lookup return "reject_unverified_address"
                >> for the domains that I maintain but for wich I have no a list of valid
                >> recipient:
                >>
                >> query = select restriction from domain where domain='%s'
                >>
                >> maybe could I put both lookups in smtpd_sender_restrictions?
                >>

                yes.

                >> check_recipient_access
                >> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf,
                >> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                >
                > I'm saying:
                >
                > check_recipient_access
                > proxy:mysql:/etc/postfix/mysql-check-sender-access.cf,
                > proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
                >

                check_foo_access checks only one map. so you need to do it like this:

                check_recipient_access
                proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                check_recipient_access
                proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf


                >> is it ok?
                >>
                >>>> check_client_access
                >>>> proxy:mysql:/etc/postfix/mysql-check-client-access.cf
                >>> what's this for? it's already in smtpd_client_restrictions, so you may
                >>> or may not need it here.
                >> It integrate mynetworks (i.e.: return "OK" id an IP is enabled to relay
                >> trhough my SMTP gateway). I need it.
                >>

                that's ok.

                >>>> permit_mynetworks
                >>>> permit_sasl_authenticated
                >>>> check_policy_service inet:127.0.0.1:54000
                >>> what's this for? you probably want to put this after
                >>> reject_unauth_destination.
                >> postgrey
                >>

                then put it at the end. no point to greylist a relay attempt.

                >>> remember: reject_unauth_destination is what prevents open relay. so
                >>> avoid putting a lot of stuff before it, because you increase the risks.
                >>>
                >>> and reject_unauth_destination is a very safe a very cheap check, so it's
                >>> good to have it as soon as possible.
                >>>
                >>>> reject_unauth_destination
                >>>> .
                >>>> .
                >>>> .
                >>>>
                >>>> Or you have another configuration to propose the is safer?
                >>>>
                >>> see above.
                >>>
                >>> as a general "rule of thumb", put anti-spam checks (I'm talking about
                >>> inbound spam. outbound spam is a different subject) after
                >>> reject_unauth_destination, and put "general restrictions" (that also
                >>> apply to your users) in one of smtpd_(client|helo|sender)_restrictions.
                >> thanks,
                >>
                >> rocsca
                >>
                >>
                >
                >
              • Rocco Scappatura
                Mouss, ... All works fine.. Annie is OK! ;-) Thanks, rocsca
                Message 7 of 17 , Feb 1, 2009
                • 0 Attachment
                  Mouss,

                  >>>>> How do I have to modify it so that I could block an email address
                  >>>>> either
                  >>>>> if is the sender or one of the recipients, AND either if the message
                  >>>>> is
                  >>>>> incoming or outgoing?
                  >>>>>
                  >>>>> Maybe so (assuming that the action will never be "OK")...
                  >>>>>
                  >>>>> smtpd_client_restrictions =
                  >>>>> check_client_access
                  >>>>> proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
                  >>>>>
                  >>>>> smtpd_helo_restrictions =
                  >>>>> smtpd_sender_restrictions =
                  >>>>> check_sender_access
                  >>>>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                  >>>>> check_recipient_access
                  >>>>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                  >>>>>
                  >>>>> smtpd_recipient_restrictions =
                  >>>>> check_recipient_access
                  >>>>> proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
                  >>>> this one is already in smtpd_sender_restrictions, so just remove it
                  >>>>
                  >>> I can't remove it
                  >
                  > sorry, I didn't notice that it was a different map.
                  >
                  >> because this lookup return "reject_unverified_address"
                  >>> for the domains that I maintain but for wich I have no a list of valid
                  >>> recipient:
                  >>>
                  >>> query = select restriction from domain where domain='%s'
                  >>>
                  >>> maybe could I put both lookups in smtpd_sender_restrictions?
                  >>>
                  >
                  > yes.
                  >
                  >>> check_recipient_access
                  >>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf,
                  >>> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                  >>
                  >> I'm saying:
                  >>
                  >> check_recipient_access
                  >> proxy:mysql:/etc/postfix/mysql-check-sender-access.cf,
                  >> proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
                  >>
                  >
                  > check_foo_access checks only one map. so you need to do it like this:
                  >
                  > check_recipient_access
                  > proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
                  > check_recipient_access
                  > proxy:mysql:/etc/postfix/mysql-check-recipient-access.cf
                  >
                  >
                  >>> is it ok?
                  >>>
                  >>>>> check_client_access
                  >>>>> proxy:mysql:/etc/postfix/mysql-check-client-access.cf
                  >>>> what's this for? it's already in smtpd_client_restrictions, so you may
                  >>>> or may not need it here.
                  >>> It integrate mynetworks (i.e.: return "OK" id an IP is enabled to relay
                  >>> trhough my SMTP gateway). I need it.
                  >>>
                  >
                  > that's ok.
                  >
                  >>>>> permit_mynetworks
                  >>>>> permit_sasl_authenticated
                  >>>>> check_policy_service inet:127.0.0.1:54000
                  >>>> what's this for? you probably want to put this after
                  >>>> reject_unauth_destination.
                  >>> postgrey
                  >>>
                  >
                  > then put it at the end. no point to greylist a relay attempt.
                  >
                  >>>> remember: reject_unauth_destination is what prevents open relay. so
                  >>>> avoid putting a lot of stuff before it, because you increase the
                  >>>> risks.
                  >>>>
                  >>>> and reject_unauth_destination is a very safe a very cheap check, so
                  >>>> it's
                  >>>> good to have it as soon as possible.
                  >>>>
                  >>>>> reject_unauth_destination
                  >>>>> .
                  >>>>> .
                  >>>>> .
                  >>>>>
                  >>>>> Or you have another configuration to propose the is safer?
                  >>>>>
                  >>>> see above.
                  >>>>
                  >>>> as a general "rule of thumb", put anti-spam checks (I'm talking about
                  >>>> inbound spam. outbound spam is a different subject) after
                  >>>> reject_unauth_destination, and put "general restrictions" (that also
                  >>>> apply to your users) in one of
                  >>>> smtpd_(client|helo|sender)_restrictions.

                  All works fine.. Annie is OK! ;-)

                  Thanks,

                  rocsca
                • Tolga
                  Hi, I have put line in my main.cf check_client_access = cidr:/etc/postfix/sinokorea.cidr I then restarted postfix, but I can t see it in postconf -n. How come?
                  Message 8 of 17 , Jul 22, 2012
                  • 0 Attachment
                    Hi,

                    I have put line in my main.cf

                    check_client_access = cidr:/etc/postfix/sinokorea.cidr

                    I then restarted postfix, but I can't see it in postconf -n. How come?

                    For reference: my postconf -n output is:

                    [root@vps ~]# postconf -n
                    alias_database = hash:/etc/aliases
                    alias_maps = hash:/etc/aliases
                    append_dot_mydomain = no
                    biff = no
                    broken_sasl_auth_clients = yes
                    config_directory = /etc/postfix
                    html_directory = /usr/share/doc/postfix/html
                    inet_interfaces = all
                    mailbox_command = procmail -a "$EXTENSION"
                    mailbox_size_limit = 0
                    mydestination = localhost
                    myhostname = mail.bilgisayarciniz.org
                    mynetworks = 127.0.0.0/8 127.0.0.2/32 109.232.0.0/16
                    myorigin = /etc/mailname
                    readme_directory = /usr/share/doc/postfix
                    recipient_delimiter = +
                    relayhost =
                    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
                    smtpd_recipient_restrictions = permit_sasl_authenticated,
                    permit_mynetworks, reject_unauth_destination,
                    reject_non_fqdn_hostname, reject_non_fqdn_sender,
                    reject_non_fqdn_recipient, reject_unauth_pipelining,
                    reject_invalid_hostname, reject_rbl_client sbl.spamhaus.org,
                    reject_rbl_client xbl.spamhaus.org
                    smtpd_sasl_auth_enable = yes
                    smtpd_sasl_local_domain = $myhostname
                    smtpd_sasl_path = private/auth
                    smtpd_sasl_security_options = noanonymous
                    smtpd_sasl_type = dovecot
                    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
                    virtual_gid_maps = static:5000
                    virtual_mailbox_base = /srv/vmail
                    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
                    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
                    virtual_minimum_uid = 100
                    virtual_transport = virtual
                    virtual_uid_maps = static:5000

                    Regards,
                  • Wietse Venema
                    ... In Postfix 2.9, this will result in a warning: postconf: warning: /etc/postfix/main.cf: unused parameter:
                    Message 9 of 17 , Jul 22, 2012
                    • 0 Attachment
                      Tolga:
                      > Hi,
                      >
                      > I have put line in my main.cf
                      >
                      > check_client_access = cidr:/etc/postfix/sinokorea.cidr

                      In Postfix 2.9, this will result in a warning:

                      postconf: warning: /etc/postfix/main.cf: unused parameter: check_client_access=cidr:/etc/postfix/sinokorea.cidr

                      And indeed check_client_access is not a parameter name. Instead, it
                      is used inside smtpd_recipient(etc) restrictions.

                      Wietse
                    • Tolga
                      ... Thanks Wietse :)
                      Message 10 of 17 , Jul 22, 2012
                      • 0 Attachment
                        On 07/22/2012 03:12 PM, Wietse Venema wrote:
                        > Tolga:
                        >> Hi,
                        >>
                        >> I have put line in my main.cf
                        >>
                        >> check_client_access = cidr:/etc/postfix/sinokorea.cidr
                        > In Postfix 2.9, this will result in a warning:
                        >
                        > postconf: warning: /etc/postfix/main.cf: unused parameter: check_client_access=cidr:/etc/postfix/sinokorea.cidr
                        >
                        > And indeed check_client_access is not a parameter name. Instead, it
                        > is used inside smtpd_recipient(etc) restrictions.
                        >
                        > Wietse
                        Thanks Wietse :)
                      Your message has been successfully submitted and would be delivered to recipients shortly.