[Postfixbuch-users] Bestimmte Sender-Adresse aussperren

Andre Tann atann at alphasrv.net
Mi Feb 4 14:07:30 CET 2009


Sandy Drobic, Mittwoch, 4. Februar 2009 11:38: 

> die Postfix-Checks werden der Reihe nach abgearbeitet. Wenn ein
> Check davor "OK/permit" sagt, wird die Mail angenommen, bevor
> deine Regel greift.
>
> Jetzt immer unter der Annahme, dass es sich hier wirklich um den
> Envelope Sender handelt und nicht um das "From: "-Feld innerhalb
> der Mail.

Nein, ich meine schon den Envelope-Sender, denn ich tippe es zum 
Test in den smtp-Chat händisch ein.

Hier die Konfiguration:

smtpd_recipient_restrictions = reject_non_fqdn_sender
   reject_non_fqdn_recipient
   permit_mynetworks
   permit_sasl_authenticated
   reject_unauth_destination
   reject_unlisted_recipient
   check_client_access hash:/etc/postfix/tables/check_client_access
   check_sender_access hash:/etc/postfix/tables/check_sender_access
[...]

So wie ich das sehe ist da kein Check, der ein OK gibt. Insbesondere 
in check_client_access stehen im Moment nur genau zwei Namen mit 
einem OK, und das sind meine eigenen Server. Außer diesen zwei 
Zeilen ist die Datei leer.


Die Logzeilen:

Feb  4 11:07:29 mail postfix/qmgr[8756]: 9905E3C008A0: 
from=<today at bounce.dailycandy.com>, size=1027, nrcpt=2 (queue 
active)
Feb  4 11:07:29 mail postfix/local[9292]: 9905E3C008A0: 
to=<atann at mail.alphasrv.net>, orig_to=<atann at alphasrv.net>, 
relay=local, delay=0.13, delays=0.08/0.03/0/0.03, dsn=2.0.0, 
status=sent (delivered to maildir)
Feb  4 11:07:29 mail postfix/qmgr[8756]: 9905E3C008A0: removed



Hier noch für alle Fälle postconf -n, falls was fehlen sollte:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 3d
canonical_maps = hash:/etc/postfix/tables/canonical
config_directory = /etc/postfix
delay_warning_time = 2h
home_mailbox = Maildir/
inet_interfaces = all
mail_name = alphasrv.net mailservice
mailbox_size_limit = 0
maximal_queue_lifetime = 3d
message_size_limit = 50000000
minimal_backoff_time = 333s
mydestination = mail.alphasrv.net, localhost
myhostname = mail.alphasrv.net
mynetworks = 127.0.0.0/8, 192.168.66.0/24
myorigin = alphasrv.net
queue_directory = /var/lib/postfix
recipient_delimiter = +
relocated_maps = hash:/etc/postfix/tables/relocated
sender_canonical_maps = hash:/etc/postfix/tables/sender_canonical
show_user_unknown_table_name = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_session_cache_database = btree:
${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = alphasrv.net mailservice
smtpd_client_restrictions =
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions = reject_non_fqdn_sender                               
reject_non_fqdn_recipient                               
permit_mynetworks                              
permit_sasl_authenticated                               
reject_unauth_destination                               
reject_unlisted_recipient                               
check_client_access hash:/etc/postfix/tables/check_client_access                               
check_sender_access hash:/etc/postfix/tables/check_sender_access                               
check_helo_access regexp:/etc/postfix/tables/check_helo_access                               
reject_unknown_sender_domain                               
reject_invalid_helo_hostname                               
reject_non_fqdn_helo_hostname                               
reject_unauth_pipelining                           
check_policy_service inet:127.0.0.1:12525                               
check_policy_service inet:127.0.0.1:10031                               
reject_rbl_client ix.dnsbl.manitu.net                               
reject_rbl_client dnsbl.njabl.org                               
reject_rbl_client dnsbl.sorbs.net                          
reject_rbl_client zen.spamhaus.org                               
reject_rbl_client bl.spamcop.net                               
permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions =
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:
${queue_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/tables/transport

-- 
Andre Tann




Mehr Informationen über die Mailingliste Postfixbuch-users