[Postfixbuch-users] Bestimmte Sender-Adresse aussperren
Andre Tann
atann at alphasrv.net
Mi Feb 4 14:07:30 CET 2009
Sandy Drobic, Mittwoch, 4. Februar 2009 11:38:
> die Postfix-Checks werden der Reihe nach abgearbeitet. Wenn ein
> Check davor "OK/permit" sagt, wird die Mail angenommen, bevor
> deine Regel greift.
>
> Jetzt immer unter der Annahme, dass es sich hier wirklich um den
> Envelope Sender handelt und nicht um das "From: "-Feld innerhalb
> der Mail.
Nein, ich meine schon den Envelope-Sender, denn ich tippe es zum
Test in den smtp-Chat händisch ein.
Hier die Konfiguration:
smtpd_recipient_restrictions = reject_non_fqdn_sender
reject_non_fqdn_recipient
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unlisted_recipient
check_client_access hash:/etc/postfix/tables/check_client_access
check_sender_access hash:/etc/postfix/tables/check_sender_access
[...]
So wie ich das sehe ist da kein Check, der ein OK gibt. Insbesondere
in check_client_access stehen im Moment nur genau zwei Namen mit
einem OK, und das sind meine eigenen Server. Außer diesen zwei
Zeilen ist die Datei leer.
Die Logzeilen:
Feb 4 11:07:29 mail postfix/qmgr[8756]: 9905E3C008A0:
from=<today at bounce.dailycandy.com>, size=1027, nrcpt=2 (queue
active)
Feb 4 11:07:29 mail postfix/local[9292]: 9905E3C008A0:
to=<atann at mail.alphasrv.net>, orig_to=<atann at alphasrv.net>,
relay=local, delay=0.13, delays=0.08/0.03/0/0.03, dsn=2.0.0,
status=sent (delivered to maildir)
Feb 4 11:07:29 mail postfix/qmgr[8756]: 9905E3C008A0: removed
Hier noch für alle Fälle postconf -n, falls was fehlen sollte:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 3d
canonical_maps = hash:/etc/postfix/tables/canonical
config_directory = /etc/postfix
delay_warning_time = 2h
home_mailbox = Maildir/
inet_interfaces = all
mail_name = alphasrv.net mailservice
mailbox_size_limit = 0
maximal_queue_lifetime = 3d
message_size_limit = 50000000
minimal_backoff_time = 333s
mydestination = mail.alphasrv.net, localhost
myhostname = mail.alphasrv.net
mynetworks = 127.0.0.0/8, 192.168.66.0/24
myorigin = alphasrv.net
queue_directory = /var/lib/postfix
recipient_delimiter = +
relocated_maps = hash:/etc/postfix/tables/relocated
sender_canonical_maps = hash:/etc/postfix/tables/sender_canonical
show_user_unknown_table_name = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_session_cache_database = btree:
${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = alphasrv.net mailservice
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions = reject_non_fqdn_sender
reject_non_fqdn_recipient
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_unlisted_recipient
check_client_access hash:/etc/postfix/tables/check_client_access
check_sender_access hash:/etc/postfix/tables/check_sender_access
check_helo_access regexp:/etc/postfix/tables/check_helo_access
reject_unknown_sender_domain
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unauth_pipelining
check_policy_service inet:127.0.0.1:12525
check_policy_service inet:127.0.0.1:10031
reject_rbl_client ix.dnsbl.manitu.net
reject_rbl_client dnsbl.njabl.org
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions =
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:
${queue_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/tables/transport
--
Andre Tann
Mehr Informationen über die Mailingliste Postfixbuch-users