Loading ...
Sorry, an error occurred while loading the content.

smtpd_relay_restrictions in 2.10.0

Expand Messages
  • Nikolaos Milas
    Hello, I had a postfix 2.9.4 and upgraded to 2.10.0 (on CentOS 6.3 x86_64), building an RPM using Simon J. Mudd s SRPM (for v2.9.x). During installation, I
    Message 1 of 3 , Mar 6, 2013
    • 0 Attachment
      Hello,

      I had a postfix 2.9.4 and upgraded to 2.10.0 (on CentOS 6.3 x86_64),
      building an RPM using Simon J. Mudd's SRPM (for v2.9.x). During
      installation, I got:

      warning: /etc/postfix/main.cf created as /etc/postfix/main.cf.rpmnew
      warning: /etc/postfix/master.cf created as /etc/postfix/master.cf.rpmnew
      COMPATIBILITY: editing /etc/postfix/main.cf, overriding
      smtpd_relay_restrictions to prevent inbound mail from unexpectedly
      bouncing. Specify an empty smtpd_relay_restrictions value to keep
      using smtpd_recipient_restrictions as before.

      So, I thought I should set: "smtpd_relay_restrictions = " but I already
      have:

      smtpd_relay_restrictions = permit_mynetworks
      permit_sasl_authenticated defer_unauth_destination

      So, is there something I should do? (Updated Postfix seems to be working
      fine.)

      # postconf -n
      allowed_list1 = check_client_access cidr:/etc/postfix/vmail.cidr,reject
      allowed_list2 = check_client_access
      cidr:/etc/postfix/internalnetworks.cidr,reject
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      content_filter = smtp-amavis:[127.0.0.1]:10024
      daemon_directory = /usr/libexec/postfix
      data_directory = /var/lib/postfix
      debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
      xxgdb $daemon_directory/$process_name $process_id & sleep 5
      default_process_limit = 50
      disable_vrfy_command = yes
      enable_long_queue_ids = yes
      html_directory = no
      inet_interfaces = all
      inet_protocols = ipv4, ipv6
      local_recipient_maps =
      local_transport = error:local mail delivery is disabled
      mail_name = NOA Mail Srv XAPITI XPICTOY
      mail_owner = postfix
      mailq_path = /usr/bin/mailq.postfix
      manpage_directory = /usr/share/man
      message_size_limit = 15728640
      mydestination =
      mynetworks = 127.0.0.1/32 [::1]/128
      myorigin = $mydomain
      newaliases_path = /usr/bin/newaliases.postfix
      postscreen_dnsbl_action = enforce
      postscreen_dnsbl_sites = b.barracudacentral.org*2, zen.spamhaus.org*2,
      psbl.surriel.com*2
      postscreen_dnsbl_threshold = 2
      postscreen_greet_action = enforce
      queue_directory = /var/spool/postfix
      relay_domains = noa.gr, astro.noa.gr, admin.noa.gr, nestor.noa.gr
      space.noa.gr, meteo.noa.gr, gein.noa.gr, technet.noa.gr
      relay_recipient_maps =
      sendmail_path = /usr/sbin/sendmail.postfix
      setgid_group = postdrop
      smtpd_recipient_restrictions = check_sender_access
      hash:/etc/postfix/blacklisted_senders, reject_unverified_recipient,
      reject_unauth_destination, check_recipient_access
      hash:/etc/postfix/protected_destinations, permit_mynetworks,
      reject_invalid_hostname, reject_unauth_pipelining,
      reject_non_fqdn_sender, reject_unknown_sender_domain,
      reject_non_fqdn_recipient, reject_unknown_recipient_domain,
      reject_rbl_client b.barracudacentral.org, reject_rbl_client
      zen.spamhaus.org, reject_rbl_client psbl.surriel.com,
      reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_sender
      dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org,
      check_policy_service unix:postgrey/socket, permit
      smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
      defer_unauth_destination
      smtpd_restriction_classes = allowed_list1,allowed_list2
      transport_maps = hash:/etc/postfix/transportmap
      unknown_local_recipient_reject_code = 550
      unverified_sender_reject_code = 550
      virtual_alias_maps = hash:/etc/postfix/virtualmap

      Thanks,
      Nick
    • Reindl Harald
      ... which would kill your server ... if smtpd_relay_restrictions = permit_mynetworks is what you want use it the new default is for instalaltions which did
      Message 2 of 3 , Mar 6, 2013
      • 0 Attachment
        Am 06.03.2013 11:08, schrieb Nikolaos Milas:

        > I had a postfix 2.9.4 and upgraded to 2.10.0 (on CentOS 6.3 x86_64), building an RPM using Simon J. Mudd's SRPM
        > (for v2.9.x). During installation, I got:
        >
        > warning: /etc/postfix/main.cf created as /etc/postfix/main.cf.rpmnew
        > warning: /etc/postfix/master.cf created as /etc/postfix/master.cf.rpmnew
        > COMPATIBILITY: editing /etc/postfix/main.cf, overriding
        > smtpd_relay_restrictions to prevent inbound mail from unexpectedly
        > bouncing. Specify an empty smtpd_relay_restrictions value to keep
        > using smtpd_recipient_restrictions as before.
        >
        > So, I thought I should set: "smtpd_relay_restrictions = "

        which would kill your server

        > but I already have:
        >
        > smtpd_relay_restrictions = permit_mynetworks
        > permit_sasl_authenticated defer_unauth_destination
        >
        > So, is there something I should do? (Updated Postfix seems to be working fine.)

        if "smtpd_relay_restrictions = permit_mynetworks" is what you want use it
        the new default is for instalaltions which did not set it at all and
        especially for completly new setups to minimize the danger of a open
        relay more as before
      • Noel Jones
        ... Hash: SHA1 ... Kill seems the wrong word here. This is, in fact, one of the recommended choices for backward compatibility. This disables the new
        Message 3 of 3 , Mar 6, 2013
        • 0 Attachment
          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA1

          On 3/6/2013 4:19 AM, Reindl Harald wrote:
          >
          >
          > Am 06.03.2013 11:08, schrieb Nikolaos Milas:
          >
          >> I had a postfix 2.9.4 and upgraded to 2.10.0 (on CentOS 6.3
          >> x86_64), building an RPM using Simon J. Mudd's SRPM (for
          >> v2.9.x). During installation, I got:
          >>
          >> warning: /etc/postfix/main.cf created as
          >> /etc/postfix/main.cf.rpmnew warning: /etc/postfix/master.cf
          >> created as /etc/postfix/master.cf.rpmnew COMPATIBILITY:
          >> editing /etc/postfix/main.cf, overriding
          >> smtpd_relay_restrictions to prevent inbound mail from
          >> unexpectedly bouncing. Specify an empty
          >> smtpd_relay_restrictions value to keep using
          >> smtpd_recipient_restrictions as before.
          >>
          >> So, I thought I should set: "smtpd_relay_restrictions = "
          >
          > which would kill your server

          Kill seems the wrong word here.

          This is, in fact, one of the recommended choices for backward
          compatibility. This disables the new smtpd_relay_restrictions
          feature and causes postfix to behave exactly as before. Setting
          "smtpd_relay_restrictions = " is very unlikely to break an
          existing, working installation, but you lose the benefit of the
          new feature.

          See RELEASE_NOTES for details.

          >
          >> but I already have:
          >>
          >> smtpd_relay_restrictions = permit_mynetworks
          >> permit_sasl_authenticated defer_unauth_destination

          This is the safety net added by the postfix upgrade procedure.
          See RELEASE_NOTES for details.


          >>
          >> So, is there something I should do? (Updated Postfix seems to
          >> be working fine.)


          If you have a "standard" setup, change the above
          defer_unauth_destination to reject_unauth_destination. If you
          have a complex relay policy already defined in
          smtpd_recipient_restrictions, then set smtpd_relay_restrictions
          empty. See RELEASE_NOTES for details.



          -- Noel Jones
          -----BEGIN PGP SIGNATURE-----
          Version: GnuPG v2.0.17 (MingW32)
          Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

          iQEcBAEBAgAGBQJRNzhGAAoJEJGRUHb5Oh6g19IIAJY4rARiNqF1MTf33Vxb+mp6
          PiIN4tYiAUsdgt4Digh7fptohMa3G2OpLkHd+wTlzpuB75lSvN3OIXdT1KZjQhCT
          EEk8jxDZG8uYi8lEuoT89w6sebyhbWlT95+T+8dcpj3DUxqgTG8jsNtmz41hHjjb
          UG6IC6PmOXemtdhCVqSaLNymBVDPpdfbeSEeEkyR3B2MF5qaZoIRWwWkpQtb6Wwl
          TBzTBgFt1EBQ7AtN1IrBTU8XizAKlXeQZK7BB8j0cPG+Amsf76cnoKOv+vEEpoot
          /Rc/3rMO+01Wmrua1NcAIycL2vkcWCChqSvnj0akA2JH5ECOkiuAsmriSYfKFLQ=
          =gOiV
          -----END PGP SIGNATURE-----
        Your message has been successfully submitted and would be delivered to recipients shortly.