Loading ...
Sorry, an error occurred while loading the content.
 

Re: Unconditional Accept for mynetworks

Expand Messages
  • Stephen Carville
    On Thu, Apr 1, 2010 at 10:11 AM, Stephen Carville ... Forget my current config alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases
    Message 1 of 5 , Apr 1 10:23 AM
      On Thu, Apr 1, 2010 at 10:11 AM, Stephen Carville
      <stephen.carville@...> wrote:
      > Is there way to have postfix relay _any_ mail from $mynetworks but
      > still check other mail against the relay_recipient_maps?
      >
      > I have been forwarding bad addresses to the held desk but the
      > developers tell me they have to see the original subject line.

      Forget my current config

      alias_database = hash:/etc/aliases
      alias_maps = hash:/etc/aliases
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/libexec/postfix
      debug_peer_level = 2
      delay_notice_recipient = scarville@...
      delay_warning_time = 1h
      disable_vrfy_command = yes
      error_notice_recipient = scarville@...
      home_mailbox = Maildir/
      html_directory = no
      inet_interfaces = all
      mail_owner = postfix
      mailq_path = /usr/bin/mailq.postfix
      manpage_directory = /usr/share/man
      message_size_limit = 26214400
      minimal_backoff_time = 300s
      mydestination = $myhostname, localhost.$mydomain, localhost cadmzmx01.lereta.com
      mydomain = lereta.com
      myhostname = mx01.lereta.com
      mynetworks = cidr:/etc/postfix/mynetworks
      newaliases_path = /usr/bin/newaliases.postfix
      notify_classes = resource, software, delay, bounce
      queue_directory = /var/spool/postfix
      readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
      recipient_canonical_maps = hash:/etc/postfix/recipient_canonical_map
      relay_domains = closetheloan.com
      dpsi-corp.com
      it.lereta.com
      lereta.com
      lereta.net
      lereta.org
      source.totalflood.com
      taxandflood.com
      taxandflood.net
      taxandflood.org
      totalflood.com
      totalflood.net
      totalflood.org
      relay_recipient_maps = hash:/etc/postfix/relay_recipients
      sample_directory = /usr/share/doc/postfix-2.3.3/samples
      sendmail_path = /usr/sbin/sendmail.postfix
      setgid_group = postdrop
      smtp_tls_note_starttls_offer = yes
      smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_map
      smtpd_delay_reject = yes
      smtpd_helo_required = yes
      smtpd_recipient_restrictions =
      check_recipient_access pcre:/etc/postfix/drop_list
      permit_mynetworks
      reject_unauth_destination
      check_client_access cidr:/etc/postfix/accept_by_ip
      reject_invalid_helo_hostname
      reject_non_fqdn_helo_hostname
      reject_unknown_sender_domain
      check_helo_access pcre:/etc/postfix/helo_check
      reject_unauth_pipelining
      check_sender_access hash:/etc/postfix/accept_by_domain
      reject_rbl_client zen.spamhaus.org
      check_client_access cidr:/etc/postfix/reject_by_ip
      check_client_access hash:/etc/postfix/reject_by_client
      check_sender_access hash:/etc/postfix/reject_by_domain
      check_recipient_access hash:/etc/postfix/filtered_domains
      permit
      smtpd_tls_CAfile = /etc/pki/tls/certs/gd_bundle.crt
      smtpd_tls_cert_file = /etc/pki/tls/certs/wildcard.lereta.com.crt
      smtpd_tls_key_file = /etc/pki/tls/private/wildcard.lereta.com.key
      smtpd_tls_loglevel = 1
      smtpd_tls_mandatory_protocols = TLSv1,SSLv3
      smtpd_tls_security_level = may
      tls_random_source = dev:/dev/urandom
      unknown_local_recipient_reject_code = 550
      --
      Stephen Carville
    • Noel Jones
      ... General idea, main.cf: smtpd_reject_unlisted_recipient = no smtpd_reject_unlisted_sender = no smtpd_recipient_restrictions = permit_mynetworks
      Message 2 of 5 , Apr 1 10:47 AM
        On 4/1/2010 12:11 PM, Stephen Carville wrote:
        > Is there way to have postfix relay _any_ mail from $mynetworks but
        > still check other mail against the relay_recipient_maps?
        >
        > I have been forwarding bad addresses to the held desk but the
        > developers tell me they have to see the original subject line.
        >

        General idea, main.cf:
        smtpd_reject_unlisted_recipient = no
        smtpd_reject_unlisted_sender = no
        smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_unlisted_recipient
        reject_unlisted_sender
        ... other stuff ...




        -- Noel Jones
      • Wietse Venema
        ... Set main.cf:smtpd_reject_unlisted_recipient=no, then add reject_unlisted_recipient after permit_mynetworks. Then, hope that your local machines never
        Message 3 of 5 , Apr 1 10:48 AM
          Stephen Carville:
          > On Thu, Apr 1, 2010 at 10:11 AM, Stephen Carville
          > <stephen.carville@...> wrote:
          > > Is there way to have postfix relay _any_ mail from $mynetworks but
          > > still check other mail against the relay_recipient_maps?
          > >
          > > I have been forwarding bad addresses to the held desk but the
          > > developers tell me they have to see the original subject line.

          Set main.cf:smtpd_reject_unlisted_recipient=no, then add
          "reject_unlisted_recipient" after "permit_mynetworks.

          Then, hope that your local machines never get infected with malware.

          Wietse
        • Stephen Carville
          ... Thank you very much. ... Amen to that... -- Stephen Carville
          Message 4 of 5 , Apr 1 12:16 PM
            On Thu, Apr 1, 2010 at 10:48 AM, Wietse Venema <wietse@...> wrote:
            > Stephen Carville:
            >> On Thu, Apr 1, 2010 at 10:11 AM, Stephen Carville
            >> <stephen.carville@...> wrote:
            >> > Is there way to have postfix relay _any_ mail from $mynetworks but
            >> > still check other mail against the relay_recipient_maps?
            >> >
            >> > I have been forwarding bad addresses to the held desk but the
            >> > developers tell me they have to see the original subject line.
            >
            > Set main.cf:smtpd_reject_unlisted_recipient=no, then add
            > "reject_unlisted_recipient" after "permit_mynetworks.

            Thank you very much.

            > Then, hope that your local machines never get infected with malware.

            Amen to that...

            --
            Stephen Carville
          Your message has been successfully submitted and would be delivered to recipients shortly.