[Postfixbuch-users] permit mynetworks and virtual domains

Andreas Meyer anmeyer at anup.de
Sun Mar 24 21:52:02 CET 2013


Uwe Drießen <driessen at fblan.de> wrote:

> On behalf of Andreas Meyer
> > 
> > Hello!
> > 
> > I'm a bit slow on the uptake again. I have
> 
> Then just move your chair a little to the side :-))

doesn't help B-)

> > warn_if_reject reject_invalid_helo_hostname,
> > warn_if_reject reject_non_fqdn_helo_hostname,
> > inserted into smtpd_recipient_restrictions and now
> > find that all the Windows PCs announce themselves with just a hostname
> > and would be rejected without warn_if_reject.
> > 
> > Mar 20 14:41:13 delta postfix/smtpd[28865]: NOQUEUE: reject_warning:
> > RCPT from p5B0655D5.dip.t-dialin.net[91.6.85.213]: 504 5.5.2 <jennyPC>:
> > Helo command rejected: need fully-qualified hostname;
> > from=<jenny at anup.de> to=<spiegel at tvpfalz.de> proto=ESMTP
> > helo=<jennyPC>
> > 
> 
> If so, then he wasn't logged in!

Then he wouldn't have been able to relay?

> 
> 
> 
> > smtpd_recipient_restrictions =
> >     check_sender_access hash:/etc/postfix/access_sender,
> >     permit_mynetworks,
> 
> Your users should stick to that too
> >     reject_unknown_sender_domain,
> >     check_sender_access pcre:/etc/postfix/umlaute.pcre,
> >     check_recipient_access pcre:/etc/postfix/umlaute.pcre,
> 
> >     permit_sasl_authenticated,
> >     warn_if_reject reject_invalid_helo_hostname,
> >     warn_if_reject reject_non_fqdn_helo_hostname,
> >     reject_unlisted_recipient,
> >     reject_unauth_destination,
> >     reject_rbl_client bl.spamcop.net,
> >     reject_rbl_client zen.spamhaus.org,
> >     check_client_access cidr:/etc/postfix/client.cidr,
> >     check_policy_service inet:127.0.0.1:10023
> 
> Show us your complete postconf -n

# postconf -n
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
biff = no
body_checks = regexp:/etc/postfix/body_checks_regexp,              pcre:/etc/postfix/body_checks_pcre
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks_regexp,
html_directory = /usr/share/doc/packages/postfix/html
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 524288000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_exceptions = root
maximal_queue_lifetime = 3d
message_size_limit = 524288000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, listen.bitcorner.eu
mydomain = bitcorner.eu
myhostname = mail.bitcorner.eu                     
mynetworks = 213.239.207.165, 127.0.0.1/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_bcc_maps = hash:/etc/postfix/archiv
sample_directory = /usr/share/doc/packages/postfix/samples
sender_bcc_maps = hash:/etc/postfix/archiv
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
smtp_tls_cert_file = /etc/postfix/certs/hostcert.pem
smtp_tls_key_file = /etc/postfix/certs/hostkey.pem
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = 
smtpd_helo_required = no
smtpd_helo_restrictions = 
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/access_sender,    permit_mynetworks,    permit_sasl_authenticated,    warn_if_reject reject_invalid_helo_hostname,    reject_unlisted_recipient,    reject_unknown_sender_domain,    check_sender_access pcre:/etc/postfix/umlaute.pcre,    check_recipient_access pcre:/etc/postfix/umlaute.pcre,    reject_unauth_destination,    reject_rbl_client bl.spamcop.net,    reject_rbl_client zen.spamhaus.org,    check_client_access cidr:/etc/postfix/client.cidr,    check_policy_service inet:127.0.0.1:10023
smtpd_restriction_classes = local_only
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = anup.de
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = hash:/etc/postfix/sasl_needed
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/certs/hostcert.pem
smtpd_tls_key_file = /etc/postfix/certs/hostkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
strict_8bitmime = no
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
unknown_address_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtualaliases
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/vhosts
virtual_mailbox_domains = anup.de und_die_anderen_Domains eben
virtual_mailbox_limit = 524288000
virtual_mailbox_maps = hash:/etc/postfix/mailboxes
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:5000

> > I was under the impression that if I insert these two restrictions after
> > permit_sasl_authenticated, this reject should no longer occur.
> > anup.de is a virtual domain.
> 
> If logged in, then yes

I think the client is logged in, otherwise it could not relay.

> And then it doesn't matter whether it's a virtual, relay or any other domain.
> 
> > permit_mynetworks only applies to domains in mynetworks, and the
> 
> No, those are IPs in there (mynetwork)

Yes, OK. It only contains the server's IP and localhost, see above.

> > virtual ones aren't listed there. Is there a similar parameter for
> > virtual domains? Sorry if the question is too
> > basic.
> > 
> 
> http://www.postfix.org/postconf.5.html
> 
> virtual_alias_domains, virtual_mailbox_domains
> 
> http://www.postfix.org/virtual.5.html

  Andreas
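
A small model of how Postfix walks a restriction list, added here as an illustration and not part of the original thread: the first PERMIT or REJECT ends evaluation, and warn_if_reject turns the next restriction's reject into a logged reject_warning. It covers only the HELO/relay subset of the quoted list; the sample client, the recipient address and the simplified FQDN test are assumptions.

```python
import ipaddress

# mynetworks from the postconf -n output in the post
MYNETWORKS = [ipaddress.ip_network(n) for n in ("213.239.207.165/32", "127.0.0.1/32")]
LOCAL_DOMAINS = {"anup.de", "bitcorner.eu"}  # simplified set of hosted domains

# HELO/relay subset of the quoted list; map lookups, RBLs and the policy
# service are omitted (assumed to return DUNNO in this model).
RESTRICTIONS = ["permit_mynetworks", "permit_sasl_authenticated",
                "warn_if_reject", "reject_non_fqdn_helo_hostname",
                "reject_unauth_destination"]

# Constructed client: dial-in IP, bare HELO name as in the log, external recipient
JENNY = {"ip": "203.0.113.10", "helo": "jennyPC",
         "rcpt": "someone@example.org", "sasl_user": None}

def is_fqdn(helo):
    """Simplified: address literal, or two or more non-empty labels."""
    labels = helo.rstrip(".").split(".")
    return helo.startswith("[") or (len(labels) >= 2 and all(labels))

def check(name, c):
    """Result of one restriction for client c: PERMIT, REJECT or DUNNO."""
    if name == "permit_mynetworks":  # matches client IPs, not domains
        ip = ipaddress.ip_address(c["ip"])
        return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"
    if name == "permit_sasl_authenticated":
        return "PERMIT" if c["sasl_user"] else "DUNNO"
    if name == "reject_non_fqdn_helo_hostname":
        return "DUNNO" if is_fqdn(c["helo"]) else "REJECT"
    if name == "reject_unauth_destination":
        domain = c["rcpt"].rsplit("@", 1)[1]
        return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"
    return "DUNNO"

def evaluate(c, restrictions=RESTRICTIONS):
    """Walk the list in order; the first PERMIT or REJECT ends evaluation."""
    warnings, warn_next = [], False
    for name in restrictions:
        if name == "warn_if_reject":
            warn_next = True  # applies to the next restriction only
            continue
        result = check(name, c)
        if result == "REJECT" and warn_next:
            warnings.append(name)  # logged as reject_warning, list continues
            result = "DUNNO"
        warn_next = False
        if result != "DUNNO":
            return result, name, warnings
    return "PERMIT", "end_of_list", warnings
```

With this ordering, `evaluate(JENNY)` records the HELO warning and then rejects the relay attempt, while the same client with `sasl_user` set is permitted before the HELO check is ever reached.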


