[Postfixbuch-users] check_recipient_access only works sometimes
Olaf Zaplinski
o.zaplinski at broadnet.de
Mon Sep 25 18:06:46 CEST 2006
Sandy Drobic wrote:
> You'd better send the output of "postconf -n" and the log excerpt where
> a mail is accepted and then rots in the queue.
OK, see below.
> The excerpt with
> smtpd_recipient_restrictions should not work at all, since Postfix
> complains if smtpd_recipient_restrictions does not contain at least one of
> reject_unauth_destination, reject, check_relay_domains.
Note the [snip] in my original question. ;-)
Olaf
alias_database = btree:/etc/postfix/aliases
alias_maps = proxy:btree:/etc/postfix/aliases
biff = no
body_checks =
    regexp:/etc/postfix/blocked_urls
    regexp:/etc/postfix/body_checks
bounce_queue_lifetime = 2d
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = scan:127.0.0.1:10025
daemon_directory = /usr/libexec/postfix
default_database_type = btree
default_destination_concurrency_limit = 20
delay_warning_time = 2h
disable_vrfy_command = yes
empty_address_recipient = postmaster
hash_queue_depth = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
local_recipient_maps = $alias_maps
mail_owner = postfix
mailbox_size_limit = 104857600
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 3d
message_size_limit = 104857600
mime_header_checks =
    $header_checks
    regexp:/etc/postfix/mime_header_checks
mynetworks = 127.0.0.0/8
nested_header_checks =
newaliases_path = /usr/bin/newaliases
notify_classes = resource, software
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients
proxy_read_maps =
    $alias_maps
    $relay_recipient_maps
    $relay_domains
    $transport_maps
    proxy:btree:/etc/postfix/check_client
    proxy:btree:/etc/postfix/check_recipient
    proxy:btree:/etc/postfix/check_sender
    proxy:btree:/etc/postfix/check_helo
    proxy:btree:/etc/postfix/check_helo_client
    proxy:cidr:/etc/postfix/check_client_ip
    proxy:cidr:/etc/postfix/block_china
    proxy:btree:/etc/postfix/virtual
    proxy:btree:/etc/postfix/tls_per_site
    proxy:regexp:/etc/postfix/check_client.regexp
    proxy:regexp:/etc/postfix/check_sender.regexp
    proxy:btree:/etc/postfix/verify_sender
    proxy:btree:/etc/postfix/block_bad_recepients
queue_directory = /var/spool/postfix
relay_domains = proxy:btree:/etc/postfix/relay_domains
relay_recipient_maps = proxy:btree:/etc/postfix/relay_recipients
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_tls_CAfile = /etc/postfix/thawtepremiumserverca.pem
smtp_tls_per_site = proxy:btree:/etc/postfix/tls_per_site
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions =
    permit_mynetworks
    proxy:cidr:/etc/postfix/check_client_ip
    proxy:cidr:/etc/postfix/block_china
smtpd_data_restrictions =
    reject_unauth_pipelining
    reject_multi_recipient_bounce
smtpd_error_sleep_time = 30
smtpd_etrn_restrictions = reject
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks
    check_client_access proxy:btree:/etc/postfix/check_helo_client
    check_helo_access proxy:btree:/etc/postfix/check_helo
    reject_invalid_hostname
    reject_non_fqdn_hostname
    warn_if_reject reject_unknown_hostname
smtpd_junk_command_limit = 10
smtpd_recipient_restrictions =
    permit_mynetworks
    check_recipient_access proxy:btree:/etc/postfix/block_bad_recepients
    check_client_access proxy:btree:/etc/postfix/check_client
    reject_unknown_sender_domain
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_unauth_destination
    check_client_access proxy:regexp:/etc/postfix/check_client.regexp
    check_sender_access proxy:regexp:/etc/postfix/check_sender.regexp
    check_sender_access proxy:btree:/etc/postfix/check_sender
    check_sender_access proxy:btree:/etc/postfix/verify_sender
    check_recipient_access proxy:btree:/etc/postfix/check_recipient
    reject_rbl_client dynablock.njabl.org
    reject_rbl_client dnsbl.njabl.org
    reject_rhsbl_sender bogusmx.rfc-ignorant.org
    reject_rbl_client cn.blackholes.us
smtpd_restriction_classes = verify_sender
smtpd_soft_error_limit = 2
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
strict_rfc821_envelopes = yes
swap_bangpath = no
transport_maps = proxy:btree:/etc/postfix/transport
... the log entries: the Exchange server is allowed to send to the blocked
recipient, although mynetworks = 127.0.0.1 and although block_bad_recepients is
checked before check_client. In the latter, the Exchange server is granted
permission to send anywhere.
Sep 25 17:32:14 mx1 postfix/smtpd[6482]: connect from ex.domain.org[10.0.0.1]
Sep 25 17:32:40 mx1 postfix/smtpd[6482]: 855188B344: client=ex.domain.org[10.0.0.1]
Sep 25 17:32:48 mx1 postfix/cleanup[6486]: 855188B344: message-id=<20060925153240.855188B344 at mx1.domain.org>
Sep 25 17:32:48 mx1 postfix/qmgr[6478]: 855188B344: from=<o.zaplinski at broadnet.de>, size=371, nrcpt=1 (queue active)
Sep 25 17:32:48 mx1 clamsmtpd: 120B9C: accepted connection from: 127.0.0.1
Sep 25 17:32:48 mx1 postfix/smtpd[6490]: connect from mx1.domain.org[127.0.0.1]
Sep 25 17:32:48 mx1 postfix/smtpd[6490]: 53C0E8B345: client=ex.domain.org[10.0.0.1]
Sep 25 17:32:48 mx1 postfix/cleanup[6487]: 53C0E8B345: message-id=<20060925153240.855188B344 at mx1.domain.org>
Sep 25 17:32:48 mx1 postfix/qmgr[6478]: 53C0E8B345: from=<o.zaplinski at broadnet.de>, size=587, nrcpt=1 (queue active)
Sep 25 17:32:48 mx1 postfix/smtp[6488]: 855188B344: to=<root at test.domain.org>, relay=127.0.0.1[127.0.0.1], delay=16, status=sent (250 Ok: queued as 53C0E8B345)
Sep 25 17:32:48 mx1 clamsmtpd: 120B9C: from=o.zaplinski at broadnet.de, to=root at test.domain.org, status=CLEAN
Sep 25 17:32:48 mx1 postfix/smtpd[6490]: disconnect from mx1.domain.org[127.0.0.1]
Sep 25 17:32:48 mx1 postfix/qmgr[6478]: 855188B344: removed
Sep 25 17:32:48 mx1 postfix/smtp[6495]: connect to test.domain.org[212.105.192.13]: Connection refused (port 25)
Sep 25 17:32:48 mx1 postfix/smtp[6495]: 53C0E8B345: to=<root at test.domain.org>, relay=none, delay=0, status=deferred (connect to test.domain.org[212.105.192.13]: Connection refused)
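
Added example, not part of the original post: a small Python model of how Postfix derives the lookup keys for check_recipient_access (per access(5)) and how the first decisive result in the posted smtpd_recipient_restrictions order wins. The function names and all table contents are constructed for illustration; the post does not show what block_bad_recepients or check_client contain.

```python
# Added illustration, not from the original post. Table contents are constructed.
BLOCK_BARE = {"domain.org": "REJECT"}      # constructed: bare parent domain
BLOCK_DOTTED = {".domain.org": "REJECT"}   # constructed: leading-dot form
CLIENT_OK = {"10.0.0.1": "OK"}             # constructed: check_client entry


def recipient_lookup_keys(address, parent_style=False):
    """Keys tried in order: user@domain, domain and its parents, user@.

    parent_style is True only when smtpd_access_maps is listed in
    parent_domain_matches_subdomains (it is not in the posted config).
    Address extensions (recipient_delimiter) are not modelled.
    """
    addr = address.lower()
    local, _, domain = addr.rpartition("@")
    labels = domain.split(".")
    keys = [addr, domain]
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        keys.append(parent if parent_style else "." + parent)
    keys.append(local + "@")
    return keys


def check_recipient_access(table, address, parent_style=False):
    """Return the action of the first matching key, or DUNNO if none matches."""
    for key in recipient_lookup_keys(address, parent_style):
        if key in table:
            return table[key]
    return "DUNNO"


def rcpt_decision(block_table, rcpt, client_ip, client_table):
    """Model the first two map lookups of the posted restriction list.

    permit_mynetworks is skipped: 10.0.0.1 is outside 127.0.0.0/8.
    Simplification: check_client_access is looked up by exact IP only.
    """
    steps = [
        ("check_recipient_access block_bad_recepients",
         check_recipient_access(block_table, rcpt)),
        ("check_client_access check_client",
         client_table.get(client_ip, "DUNNO")),
    ]
    for name, result in steps:
        if result in ("OK", "REJECT"):   # first decisive result ends the list
            return name, result
    return "undecided", "DUNNO"          # later restrictions would decide
```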