Loading ...
Sorry, an error occurred while loading the content.

postfix configuration

Expand Messages
  • Stefano Gatto
    Hi all I m trying to configure postfix 2.7.1 to protect internal mailing list with the restriction classes as per
    Message 1 of 3 , Oct 9, 2013
    • 0 Attachment
      Hi all
      I'm trying to configure postfix 2.7.1 to protect internal mailing list with
      the restriction classes as per
      http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
      Example
      /etc/postfix/main.cf:
      smtpd_recipient_restrictions =
      ...
      check_recipient_access hash:/etc/postfix/protected_destinations
      ...the usual stuff...

      smtpd_restriction_classes = insiders_only
      insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

      Everything works as expected, If a client not in insider.db try to send a
      mail with the list in filed to: the mail bounce back to sender.
      The problem arise when someone send an email to a real mailbox in field TO:
      and to the list in field CC:
      In that situation the mail server forwards the email to everyone in the
      list.
      Can someone help me to reconfigure postfix not to forward to the list
      address even if is in the field CC:?
      Tya Stefano
    • Jeroen Geilman
      ... That s because a message may have many recipients, but only one sender. Reverse the restriction class logic: FIRST check if any recipients are in your
      Message 2 of 3 , Oct 9, 2013
      • 0 Attachment
        On 10/09/2013 10:03 PM, Stefano Gatto wrote:
        > Hi all
        > I'm trying to configure postfix 2.7.1 to protect internal mailing list with
        > the restriction classes as per
        > http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
        > Example
        > /etc/postfix/main.cf:
        > smtpd_recipient_restrictions =
        > ...
        > check_recipient_access hash:/etc/postfix/protected_destinations
        > ...the usual stuff...
        >
        > smtpd_restriction_classes = insiders_only
        > insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
        >
        > Everything works as expected, If a client not in insider.db try to send a
        > mail with the list in filed to: the mail bounce back to sender.
        > The problem arise when someone send an email to a real mailbox in field TO:
        > and to the list in field CC:
        > In that situation the mail server forwards the email to everyone in the
        > list.

        That's because a message may have many recipients, but only one sender.
        Reverse the restriction class logic: FIRST check if any recipients are
        in your restricted list, and then check if the sender is in insiders.db,
        and allow it if it is.
        This causes the sole recipient to be rejected, but not the message.

        That is what should be happening with your setup too, but you don't show
        the full configuration as requested in the list welcome message, and I
        won't guess.

        > Can someone help me to reconfigure postfix not to forward to the list
        > address even if is in the field CC:?

        A recipient is a recipient (is a recipient...); one is not more special
        than any other.

        --
        J.
      • Noel Jones
        ... Postfix never makes delivery decisions based on headers, so you should recheck your evidence. Note that a multi-recipient message that includes both banned
        Message 3 of 3 , Oct 9, 2013
        • 0 Attachment
          On 10/9/2013 3:03 PM, Stefano Gatto wrote:
          > Hi all
          > I'm trying to configure postfix 2.7.1 to protect internal mailing list with
          > the restriction classes as per
          > http://www.postfix.org/RESTRICTION_CLASS_README.html#internal
          > Example
          > /etc/postfix/main.cf:
          > smtpd_recipient_restrictions =
          > ...
          > check_recipient_access hash:/etc/postfix/protected_destinations
          > ...the usual stuff...
          >
          > smtpd_restriction_classes = insiders_only
          > insiders_only = check_sender_access hash:/etc/postfix/insiders, reject
          >
          > Everything works as expected, If a client not in insider.db try to send a
          > mail with the list in filed to: the mail bounce back to sender.
          > The problem arise when someone send an email to a real mailbox in field TO:
          > and to the list in field CC:
          > In that situation the mail server forwards the email to everyone in the
          > list.
          > Can someone help me to reconfigure postfix not to forward to the list
          > address even if is in the field CC:?
          > Tya Stefano
          >


          Postfix never makes delivery decisions based on headers, so you
          should recheck your evidence.

          Note that a multi-recipient message that includes both banned and
          permitted recipients will only block the banned recipients. The
          permitted recipients will still receive the message and the headers
          may make it *appear* it was delivered to the banned recipients.

          Also, you seem to use "sender" and "client" interchangeably above.
          Maybe just a typo, but be sure you understand the difference.

          If you need more help, you'll need to show us exactly what you've
          configured and logs of the undesired behavior.
          http://www.postfix.org/DEBUG_README.html#mail




          -- Noel Jones
        Your message has been successfully submitted and would be delivered to recipients shortly.