[Postfixbuch-users] relay_recipient_maps is not being honored

Ronald Roehl rr at itc-roehl.com
Mon Feb 25 13:34:55 CET 2008


Hello,

as requested, some details:

postconf -n:
------------------------------------
alias_maps = hash:/etc/postfix/maps/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
header_checks = regexp:/etc/postfix/maps/header_checks.regexp
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = <externe IP-Adresse>, 127.0.0.1
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command =
mailbox_size_limit = <grosser Wert>
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = <grosser Wert>
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks.regexp
mydestination = $myhostname
mydomain = <our-main-mailing-domain>
myhostname = <this-hostname.this-net-domain>
mynetworks = /etc/postfix/maps/network_table.hash
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
parent_domain_matches_subdomains = transport_maps, smtpd_access_maps, relay_domains
queue_directory = /var/spool/postfix
queue_minfree = <grosser Wert * 1.5>
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_canonical_maps = regexp:/etc/postfix/maps/recipient_canonical.regexp
relay_domains = hash:/etc/postfix/maps/relay_domains.hash
relay_recipient_maps = hash:/etc/postfix/maps/relay_recipients.hash
relayhost = [internal.relayhost]
relocated_maps = regexp:/etc/postfix/maps/relocated.regexp
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = regexp:/etc/postfix/maps/sender_canonical.regexp
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_banner = <reverse-lookup-hostname.domain> ESMTP $mail_name
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = reject_unlisted_recipient,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_client_access hash:/etc/postfix/maps/access_client.hash,
    check_helo_access hash:/etc/postfix/maps/access_helo.hash,
    check_sender_access hash:/etc/postfix/maps/access_sender.hash,
    check_recipient_access hash:/etc/postfix/maps/access_recipient.hash,
    check_policy_service inet:127.0.0.1:10099,
    permit
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions =
smtpd_use_tls = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/maps/transport.hash
unknown_local_recipient_reject_code = 550
------------------------------------

Of course I run postmap hash ;-)

   postmap -q <key> hash:/etc/postfix/maps/relay_recipients.hash

also returns an OK or nothing, depending on the key.

mydomain = example.com    # of course not, but analogous...

relay_domains.hash looks roughly like this:
------------------------------------
example.com   OK
example1.com   OK
example2.com   OK
example.de   OK
...
------------------------------------

relay_recipients.hash is then analogous:
------------------------------------
user1@example.com   OK
user2@example.com   OK
user3@example.com   OK
user4@example.com   OK
...
user1@example1.com   OK
...
user1@example2.com   OK
...
user1@example.de   OK
...
------------------------------------
and so on. We always receive mail for the same users under various domain
names. The mapping is handled by

virtual.regexp:
------------------------------------
/@.*example1\.com/   @example.com
/@.*example2\.com/   @example.com
/@.*example\.de/   @example.com
...
------------------------------------
Is this where the problem lies?

The logs: I suspect that would go beyond the scope here, but I can
certainly show examples:
------------------------------------
Feb 25 13:29:21 hostname postfix/smtp[26551]: 203C42CB1E: 
to=<kymkgb@example.com>, orig_to=<kymkgb@example1.de>, relay=172.16\
.2.30[172.16.2.30], delay=1, status=sent (250 Ok: queued as A90FB25B61)
------------------------------------
kymkgb does not exist, of course. Entries like this can be found in large
numbers, so relaying happily continues. What would the reject entries
caused by relay_recipient_maps look like? When I filter for reject,
nothing relevant turns up...

Regards, Ronald


Matthias Haegele wrote:
> Ronald Roehl wrote:
>   
>> Hello everyone,
>>
>> starting from the tips at
>> http://postfix.state-of-mind.de/patrick.koetter/mailrelay/, I recently
>> set the Postfix parameter relay_recipient_maps to a file generated
>> accordingly. Now the smtpd should no longer accept any mail to addresses
>> that are not contained in it, right?
>> Well, that is not the case. The change is completely ignored.
>> So somewhere in my configuration there is a hidden parameter that
>> suppresses or "sabotages" the evaluation of relay_recipient_maps.
>>
>> I have filtered out the (certainly) uninteresting parameters
>> (html_directory etc.) and replaced domain names and IP addresses; the
>> rest of the configuration looks as follows:
>>
>> main.cf
>>     
>
> postconf -n?
> Did you run postmap hash?
>
>   
>> --------------------------------------------------------------------------------------
>> command_directory = /usr/sbin
>> daemon_directory = /usr/lib/postfix
>> mail_spool_directory = /var/spool/mail
>> program_directory = /usr/lib/postfix
>> queue_directory = /var/spool/postfix
>>
>> mailq_path = /usr/bin/mailq
>> newaliases_path = /usr/bin/newaliases
>> sendmail_path = /usr/sbin/sendmail
>>
>> mail_owner = postfix
>>
>> mydestination = $myhostname
>> mydomain = <our-main-mailing-domain>
>>     
>
> Can you show it?
>
>   
>> myhostname = <this-hostname.this-net-domain>
>> mynetworks = /etc/postfix/maps/network_table.hash
>> mynetworks_style = host
>> myorigin = $myhostname
>>
>> inet_interfaces = <external IP>, 127.0.0.1
>>
>> relayhost = [internal.relayhost]
>>
>> unknown_local_recipient_reject_code = 450
>>
>> setgid_group = maildrop
>>
>> alias_maps = hash:/etc/postfix/maps/aliases
>> header_checks = regexp:/etc/postfix/maps/header_checks.regexp
>> mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks.regexp
>> recipient_canonical_maps =
>> regexp:/etc/postfix/maps/recipient_canonical.regexp
>> relay_domains = hash:/etc/postfix/maps/relay_domains.hash
>> relay_recipient_maps = hash:/etc/postfix/maps/relay_recipients.hash
>>     
>
> Can you show it?
> (you can rewrite it logically, of course ...)
>
>   
>> relocated_maps = regexp:/etc/postfix/maps/relocated.regexp
>> sender_canonical_maps = regexp:/etc/postfix/maps/sender_canonical.regexp
>> transport_maps = hash:/etc/postfix/maps/transport.hash
>> virtual_maps = regexp:/etc/postfix/maps/virtual.regexp
>>
>> mailbox_command =
>> mailbox_transport =
>>
>> smtpd_banner = <reverse-lookup-hostname.domain> ESMTP $mail_name
>>
>> masquerade_domains =
>> masquerade_exceptions = root
>> masquerade_classes = envelope_sender, header_sender, header_recipient
>>
>> parent_domain_matches_subdomains =
>>     transport_maps,
>>     smtpd_access_maps,
>>     relay_domains
>>
>> defer_transports =
>>
>> disable_dns_lookups = no
>>
>> content_filter =
>>
>> remote_header_rewrite_domain = domain.invalid
>>
>> smtpd_client_restrictions =
>>
>> smtpd_helo_required = no
>> smtpd_helo_restrictions =
>>
>> strict_rfc821_envelopes = no
>>
>> smtpd_sender_restrictions =
>>
>> smtpd_recipient_restrictions =
>>     permit_mynetworks,
>>     permit_sasl_authenticated,
>>     reject_unauth_destination,
>>     reject_invalid_hostname,
>>     reject_unauth_pipelining,
>>     reject_non_fqdn_sender,
>>     reject_unknown_sender_domain,
>>     reject_non_fqdn_recipient,
>>     reject_unknown_recipient_domain,
>>     check_client_access hash:/etc/postfix/maps/access_client.hash,
>>     check_helo_access hash:/etc/postfix/maps/access_helo.hash,
>>     check_sender_access hash:/etc/postfix/maps/access_sender.hash,
>>     check_recipient_access hash:/etc/postfix/maps/access_recipient.hash,
>>     check_policy_service inet:127.0.0.1:10099,
>>     permit
>>
>> smtp_sasl_auth_enable = no
>> smtpd_sasl_auth_enable = no
>> smtpd_use_tls = no
>> smtp_use_tls = no
>> --------------------------------------------------------------------------------------
>>
>> The Postfix version is 2.1. Can anyone give me a tip?
>>     
>
> Logs?
>
>   
>> Regards, Ronald
>>     
>
>
>   
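
Added example (not part of the original message and not Postfix code): a small Python check that runs probe addresses against tables shaped like the relay_recipients.hash and virtual.regexp excerpts in the message above, to show which unlisted recipients a wildcard regexp entry still maps to an address. This matters because postconf(5) documents that an address is always considered "known" when it matches a virtual(5) alias or canonical(5) mapping. The sample data and all function names are constructed for illustration, and Python's `re` only approximates Postfix regexp tables.

```python
import re

# Constructed sample data modelled on the tables quoted in the post.
RELAY_RECIPIENTS = {
    "user1@example.com", "user2@example.com",
    "user1@example1.com", "user1@example2.com", "user1@example.de",
}
VIRTUAL_REGEXP = r"""
/@.*example1\.com/   @example.com
/@.*example2\.com/   @example.com
/@.*example\.de/   @example.com
"""

def parse_regexp_table(text):
    """Parse '/pattern/flags result' lines (Python re approximates POSIX regexps)."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.*)/([a-z]*)\s+(\S.*)$", line)
        if m:  # blank lines and '#' comments do not match and are skipped
            # regexp_table(5): case-insensitive by default, 'i' toggles it
            flags = 0 if "i" in m.group(2) else re.IGNORECASE
            rules.append((re.compile(m.group(1), flags), m.group(3).strip()))
    return rules

def lookup(rules, address):
    """Return the result of the first matching rule, or None."""
    for pattern, result in rules:
        if pattern.search(address):
            return result
    return None

def audit(probes, rules, relay_recipients):
    """Show which unlisted addresses the regexp table still maps to something."""
    report = {}
    for addr in probes:
        target = lookup(rules, addr)
        if addr.lower() in relay_recipients:
            report[addr] = "listed"
        elif target is not None:
            report[addr] = "unlisted, but matched by virtual.regexp -> " + target
        else:
            report[addr] = "unlisted, no virtual match"
    return report

if __name__ == "__main__":
    rules = parse_regexp_table(VIRTUAL_REGEXP)
    probes = ["user1@example1.com", "kymkgb@example1.com", "kymkgb@example.com"]
    for addr, verdict in audit(probes, rules, RELAY_RECIPIENTS).items():
        print(f"{addr:24} {verdict}")
```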


