Loading ...
Sorry, an error occurred while loading the content.

check_recipient_access not working

Expand Messages
  • pifoot
    Dear all, I m trying to allow our Postfix server to only send e-mails to a few specified e-mail addresses, i.e., a whitelist. I ve added the following to
    Message 1 of 9 , Apr 11, 2013
    • 0 Attachment
      Dear all,

      I'm trying to allow our Postfix server to only send e-mails to a few
      specified e-mail addresses, i.e., a whitelist.

      I've added the following to main.cf


      *smtpd_recipient_restrictions = check_recipient_access
      hash:/etc/postfix/recipient_access, reject*

      /etc/postfix/recipient_access contains:

      *test@... OK*

      I run

      *postmap /etc/postfix/recipient_access*

      then

      *postfix reload*

      However, e-mails all addresses are delivered, and not just to test@....

      *postfix -n* gives

      *alias_database = hash:/etc/aliases
      alias_maps = hash:/etc/aliases
      allow_percent_hack = no
      broken_sasl_auth_clients = yes
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/libexec/postfix
      data_directory = /var/lib/postfix
      debug_peer_level = 2
      home_mailbox = Maildir/
      html_directory = no
      inet_interfaces = all
      inet_protocols = all
      mail_owner = postfix
      mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
      mailbox_size_limit = 0
      mailq_path = /usr/bin/mailq.postfix
      manpage_directory = /usr/share/man
      mydestination = $myhostname, localhost.$mydomain, localhost,
      hilljaa5.miniserver.com
      newaliases_path = /usr/bin/newaliases.postfix
      queue_directory = /var/spool/postfix
      readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
      sample_directory = /usr/share/doc/postfix-2.6.6/samples
      sender_bcc_maps = hash:/etc/postfix/bcc
      sendmail_path = /usr/sbin/sendmail.postfix
      setgid_group = postdrop
      smtpd_recipient_restrictions = check_recipient_access
      hash:/etc/postfix/recipient_access, reject
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_authenticated_header = yes
      smtpd_sasl_security_options = noanonymous
      unknown_local_recipient_reject_code = 550
      virtual_alias_maps = hash:/etc/postfix/virtual
      *

      I'm not sure what log you want as I can't find a list of what would be
      needed.

      Does anyone have any suggestions, please, as to what I'm doing wrong.

      Thanks,

      Stephen






      --
      View this message in context: http://postfix.1071664.n5.nabble.com/check-recipient-access-not-working-tp56950.html
      Sent from the Postfix Users mailing list archive at Nabble.com.
    • Wietse Venema
      ... Hopefully the * are not included. You can test the access table with: $ postmap -q test@test.com hash:/etc/postfix/recipient_access The result should be
      Message 2 of 9 , Apr 11, 2013
      • 0 Attachment
        pifoot:
        > *smtpd_recipient_restrictions = check_recipient_access
        > hash:/etc/postfix/recipient_access, reject*
        >
        > /etc/postfix/recipient_access contains:
        >
        > *test@... OK*

        Hopefully the "*" are not included.

        You can test the access table with:

        $ postmap -q test@... hash:/etc/postfix/recipient_access

        The result should be

        OK

        If the result is different then the access table won't work.

        Wietse
      • pifoot
        Thank you for your reply. No, the * aren t included. It was because I put the commands and files in bold on the original posting. Running that command doesn t
        Message 3 of 9 , Apr 11, 2013
        • 0 Attachment
          Thank you for your reply. No, the * aren't included. It was because I put the
          commands and files in bold on the original posting.

          Running that command doesn't produce any output. Have you any idea why that
          should be?

          Many thanks,

          Stephen



          --
          View this message in context: http://postfix.1071664.n5.nabble.com/check-recipient-access-not-working-tp56950p56954.html
          Sent from the Postfix Users mailing list archive at Nabble.com.
        • pifoot
          Many thanks for your reply. Apologies. The command DOES return OK for the whitelisted e-mail address. It returns nothing at all for an e-mail address not in
          Message 4 of 9 , Apr 11, 2013
          • 0 Attachment
            Many thanks for your reply.

            Apologies. The command DOES return OK for the whitelisted e-mail address. It
            returns nothing at all for an e-mail address not in the whitelist. However,
            e-mail addresses not in the hash file are still sent and not rejected.

            Thanks,

            Stephen



            --
            View this message in context: http://postfix.1071664.n5.nabble.com/check-recipient-access-not-working-tp56950p56956.html
            Sent from the Postfix Users mailing list archive at Nabble.com.
          • Wietse Venema
            ... Update the Berkeley DB file with: $ postmap hash:/path/to/file Then test with: $ postmap -q emailaddress hash:/path/to/file You can dump the contents of
            Message 5 of 9 , Apr 11, 2013
            • 0 Attachment
              pifoot:
              > Thank you for your reply. No, the * aren't included. It was because I put the
              > commands and files in bold on the original posting.
              >
              > Running that command doesn't produce any output. Have you any idea why that
              > should be?

              Update the Berkeley DB file with:

              $ postmap hash:/path/to/file

              Then test with:

              $ postmap -q emailaddress hash:/path/to/file

              You can "dump" the contents of the Berkeley DB file with:

              $ postmap -s hash:/path/to/file

              Wietse
            • Brian Evans
              ... You have not provided any logs of a mail transaction. We could only guess without it. How is this mail being sent? Is it net based or through the
              Message 6 of 9 , Apr 11, 2013
              • 0 Attachment
                On 4/11/2013 10:49 AM, pifoot wrote:
                > Many thanks for your reply.
                >
                > Apologies. The command DOES return OK for the whitelisted e-mail address. It
                > returns nothing at all for an e-mail address not in the whitelist. However,
                > e-mail addresses not in the hash file are still sent and not rejected.
                >
                You have not provided any logs of a mail transaction.
                We could only guess without it.

                How is this mail being sent? Is it net based or through the sendmail(1)
                command?

                Brian
              • Stephen West
                Thank you for your reply. The messages are sent from /usr/sbin/sendmail The log contains: Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: from=
                Message 7 of 9 , Apr 11, 2013
                • 0 Attachment
                  Thank you for your reply.

                  The messages are sent from /usr/sbin/sendmail

                  The log contains:

                  Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: from=<host@...>, size=310, nrcpt=1 (queue active)
                  Apr 11 16:50:26 hilljaa5 postfix/smtp[2569]: 0B60181F0: to=<test@...>, relay=test.test2.com[31.222.146.154]:25, delay=2.7, delays=2.1/0/0.62/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 34DC9FD82B6)
                  Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: removed

                  Thanks,

                  Stephen



                  On 11 April 2013 15:54, Brian Evans <grknight@...> wrote:
                  On 4/11/2013 10:49 AM, pifoot wrote:
                  Many thanks for your reply.

                  Apologies. The command DOES return OK for the whitelisted e-mail address. It
                  returns nothing at all for an e-mail address not in the whitelist. However,
                  e-mail addresses not in the hash file are still sent and not rejected.

                  You have not provided any logs of a mail transaction.
                  We could only guess without it.

                  How is this mail being sent? Is it net based or through the sendmail(1) command?

                  Brian

                • Brian Evans
                  ... Any mail sent through the sendmail(1) command is not subject to smtpd_* rules. The only option on restriction is which users can send mail through the
                  Message 8 of 9 , Apr 11, 2013
                  • 0 Attachment
                    On 4/11/2013 11:52 AM, Stephen West wrote:
                    Thank you for your reply.

                    The messages are sent from /usr/sbin/sendmail

                    Any mail sent through the sendmail(1) command is not subject to smtpd_* rules.

                    The only option on restriction is which users can send mail through the authorized_submit_users parameter.

                    Brian


                    The log contains:

                    Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: from=<host@...>, size=310, nrcpt=1 (queue active)
                    Apr 11 16:50:26 hilljaa5 postfix/smtp[2569]: 0B60181F0: to=<test@...>, relay=test.test2.com[31.222.146.154]:25, delay=2.7, delays=2.1/0/0.62/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 34DC9FD82B6)
                    Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: removed

                    Thanks,

                    Stephen



                    On 11 April 2013 15:54, Brian Evans <grknight@...> wrote:
                    On 4/11/2013 10:49 AM, pifoot wrote:
                    Many thanks for your reply.

                    Apologies. The command DOES return OK for the whitelisted e-mail address. It
                    returns nothing at all for an e-mail address not in the whitelist. However,
                    e-mail addresses not in the hash file are still sent and not rejected.

                    You have not provided any logs of a mail transaction.
                    We could only guess without it.

                    How is this mail being sent? Is it net based or through the sendmail(1) command?

                    Brian


                  • pifoot
                    Ah. I see. Thank you very much for that. On 11 April 2013 17:05, Brian Evans - Postfix List [via Postfix]
                    Message 9 of 9 , Apr 11, 2013
                    • 0 Attachment
                      Ah. I see. Thank you very much for that.


                      On 11 April 2013 17:05, Brian Evans - Postfix List [via Postfix] <
                      ml-node+s1071664n56963h57@...> wrote:

                      > On 4/11/2013 11:52 AM, Stephen West wrote:
                      >
                      > Thank you for your reply.
                      >
                      > The messages are sent from /usr/sbin/sendmail
                      >
                      >
                      > Any mail sent through the sendmail(1) command is not subject to smtpd_*
                      > rules.
                      >
                      > The only option on restriction is which users can send mail through the
                      > authorized_submit_users parameter.
                      >
                      > Brian
                      >
                      >
                      > The log contains:
                      >
                      > Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: from=<[hidden
                      > email] <http://user/SendEmail.jtp?type=node&node=56963&i=0>>, size=310,
                      > nrcpt=1 (queue active)
                      > Apr 11 16:50:26 hilljaa5 postfix/smtp[2569]: 0B60181F0: to=<[hidden email]<http://user/SendEmail.jtp?type=node&node=56963&i=1>>,
                      > relay=test.test2.com[31.222.146.154]:25, delay=2.7,
                      > delays=2.1/0/0.62/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
                      > 34DC9FD82B6)
                      > Apr 11 16:50:26 hilljaa5 postfix/qmgr[2563]: 0B60181F0: removed
                      >
                      > Thanks,
                      >
                      > Stephen
                      >
                      >
                      >
                      > On 11 April 2013 15:54, Brian Evans <[hidden email]<http://user/SendEmail.jtp?type=node&node=56963&i=2>
                      > > wrote:
                      >
                      >> On 4/11/2013 10:49 AM, pifoot wrote:
                      >>
                      >>> Many thanks for your reply.
                      >>>
                      >>> Apologies. The command DOES return OK for the whitelisted e-mail
                      >>> address. It
                      >>> returns nothing at all for an e-mail address not in the whitelist.
                      >>> However,
                      >>> e-mail addresses not in the hash file are still sent and not rejected.
                      >>>
                      >>> You have not provided any logs of a mail transaction.
                      >> We could only guess without it.
                      >>
                      >> How is this mail being sent? Is it net based or through the sendmail(1)
                      >> command?
                      >>
                      >> Brian
                      >>
                      >
                      >
                      >
                      >
                      > ------------------------------
                      > If you reply to this email, your message will be added to the discussion
                      > below:
                      >
                      > http://postfix.1071664.n5.nabble.com/check-recipient-access-not-working-tp56950p56963.html
                      > To unsubscribe from check_recipient_access not working, click here<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=56950&code=c3dlc3RAcGl0Y2gtaW52YXNpb24uY29tfDU2OTUwfDg5MzQ3MzAxNw==>
                      > .
                      > NAML<http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
                      >




                      --
                      View this message in context: http://postfix.1071664.n5.nabble.com/check-recipient-access-not-working-tp56950p56964.html
                      Sent from the Postfix Users mailing list archive at Nabble.com.
                    Your message has been successfully submitted and would be delivered to recipients shortly.