[postfix-users] restriction class - somewhere I've got a knot in my...
Dear list,
with your help I have almost reached my goal. Certain domains are accepted by my server from outside only if the mail comes from an upstream mail firewall.
What does not work yet is the case where users of the mail-firewall-protected domains have configured the mail server as their incoming/outgoing mail server and send mail among themselves. Then they also get the 550 error message I chose, telling them to use the MX (= mail firewall). Mail to domains that are not "mail-firewall-protected", as well as to external domains, works without any problems.
I tried, without success, to configure permit_sasl_authenticated in "check_if_mailfirewall_is_sender =". That does not work.
In other words, how can I extend the restriction class so that external mail for "mail-firewall-protected" domains/users is accepted by my mail server only if it comes from the mail firewall (that part works), and mail FROM authorized users of all local domains/users TO "mail-firewall-protected" domains/users is accepted?
/etc/postfix/main.cf:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access
smtpd_restriction_classes = check_if_mailfirewall_is_sender
check_if_mailfirewall_is_sender = check_client_access hash:/etc/postfix/mailfirewall-ip, check_recipient_access pcre:/etc/postfix/nice_mailfirewall_reject.pcre, reject

/etc/postfix/mailfirewall-ip:
xx.xx.xx.xx OK (note: IP of the mail firewall)
192.168.128.20 OK
127.0.0.1 OK
localhost OK

/etc/postfix/recipient_access:
manual.at check_if_mailfirewall_is_sender

and the corresponding error message:
nano nice_mailfirewall_reject.pcre
/(.+)/ 554 5.7.1 Use MX record instead for delivering to $1

postmap /etc/postfix/recipient_access
postmap /etc/postfix/mailfirewall-ip
/etc/postfix/postfix reload

The error message then reads:
554 5.7.1 gkaefer2@manual.at: recipient address rejected: Use MX record instead for delivering to gkaefer2@manual.at

/var/log/messages:
May 15 12:05:46 mail2 postfix/smtpd[31245]: connect from atsbgfwbb.backbone.co.at[81.31.128.126]
May 15 12:05:46 mail2 postfix/policyd-weight[30076]: decided action=DUNNO mail for postmaster@manual.at; <instance=7a0d.4a0d3e7a.8354d.0> <client=81.31.128.126> <helo=gkaeferpc> from=gkaefer2@manual.at to=postmaster@manual.at; delay: 0s
May 15 12:05:46 mail2 postgrey[23736]: 2009/05/15-12:05:46 CONNECT TCP Peer: "192.168.128.20:59869" Local: "192.168.128.20:10030"
May 15 12:05:46 mail2 postgrey[23736]: action=pass, reason=triplet found, client_name=atsbgfwbb.backbone.co.at, client_address=81.31.128.126, sender=gkaefer2@manual.at, recipient=postmaster@manual.at
May 15 12:05:46 mail2 postgrey[23736]: cleaning up old logs...
May 15 12:05:46 mail2 postfix/smtpd[31245]: NOQUEUE: reject: RCPT from atsbgfwbb.backbone.co.at[81.31.128.126]: 554 5.7.1 postmaster@manual.at: Recipient address rejected: Use MX record instead for delivering to postmaster@manual.at; from=gkaefer2@manual.at to=postmaster@manual.at proto=ESMTP helo=<gkaeferPC>
May 15 12:05:51 mail2 postfix/smtpd[31245]: disconnect from atsbgfwbb.backbone.co.at[81.31.128.126]

postconf -n
alias_maps = hash:/var/lib/mailman/data/aliases
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_process_limit = 200
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.5.5/html
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 512000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 51200000
myhostname = mail2.xx.xx.xx
mynetworks = 192.168.128.0/24, 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5/readme
recipient_delimiter = +
remote_header_rewrite_domain = domain.invalid
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 50
smtpd_client_event_limit_exceptions = $mynetworks, xx.xx.xx.xx (note: IP of the mail firewall)
smtpd_client_message_rate_limit = 50
smtpd_client_recipient_rate_limit = 10
smtpd_client_restrictions = permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, permit
smtpd_recipient_restrictions = permit_mynetworks, reject_non_fqdn_recipient, permit_sasl_authenticated, check_policy_service inet:192.168.128.20:12525, check_policy_service inet:192.168.128.20:10030, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access, permit
smtpd_reject_unlisted_sender = yes
smtpd_restriction_classes = check_if_mailfirewall_is_sender
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender, permit
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/dovecot/mail2.backbone.co.at.pem
smtpd_tls_key_file = /etc/ssl/dovecot/mail2.backbone.co.at.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot

Thanks in advance!
Best regards,
Georg Käfer
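
A simplified model of Postfix's first-match evaluation, walking the smtpd_recipient_restrictions list from the postconf -n output above and expanding the restriction class when recipient_access names it. This is an added example, not part of the original post and not Postfix code; the address 203.0.113.10 standing in for xx.xx.xx.xx, manual.at being a hosted domain, the session dictionaries and the sasl_user field are assumptions.

```python
import ipaddress

# Tables and restriction order mirror the post; values marked below are assumed.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.168.128.0/24", "127.0.0.0/8")]
MAILFIREWALL_IP = {"203.0.113.10", "192.168.128.20", "127.0.0.1"}  # 203.0.113.10 stands in for xx.xx.xx.xx
RECIPIENT_ACCESS = {"manual.at": "check_if_mailfirewall_is_sender"}
HOSTED_DOMAINS = {"manual.at"}  # assumption: manual.at is a virtual mailbox domain

def rcpt_domain(s):
    return s["rcpt"].rsplit("@", 1)[1]

def check_if_mailfirewall_is_sender(s):
    # Firewall table first, then the pcre table that matches every recipient.
    if s["client"] in MAILFIREWALL_IP:
        return "OK"
    return "554 5.7.1 Use MX record instead for delivering to " + s["rcpt"]

CLASSES = {"check_if_mailfirewall_is_sender": check_if_mailfirewall_is_sender}

def check_recipient_access(s):
    action = RECIPIENT_ACCESS.get(rcpt_domain(s))
    return CLASSES[action](s) if action else "DUNNO"

def permit_mynetworks(s):
    addr = ipaddress.ip_address(s["client"])
    return "OK" if any(addr in net for net in MYNETWORKS) else "DUNNO"

RECIPIENT_RESTRICTIONS = [  # same order as smtpd_recipient_restrictions in postconf -n
    ("permit_mynetworks", permit_mynetworks),
    ("reject_non_fqdn_recipient", lambda s: "DUNNO" if "." in rcpt_domain(s) else "504 5.5.2 need fully-qualified address"),
    ("permit_sasl_authenticated", lambda s: "OK" if s["sasl_user"] else "DUNNO"),
    ("check_policy_service", lambda s: "DUNNO"),  # both daemons let the logged mail pass
    ("reject_unauth_destination", lambda s: "DUNNO" if rcpt_domain(s) in HOSTED_DOMAINS else "554 5.7.1 Relay access denied"),
    ("check_recipient_access", check_recipient_access),
    ("permit", lambda s: "OK"),
]

def evaluate(session):
    """Return (deciding restriction, result); the first non-DUNNO result ends the list."""
    for name, check in RECIPIENT_RESTRICTIONS:
        result = check(session)
        if result != "DUNNO":
            return name, result
    return "end of list", "DUNNO"

# Constructed sessions; the first matches the rejected RCPT in the log excerpt.
LOGGED = {"client": "81.31.128.126", "sasl_user": None, "rcpt": "postmaster@manual.at"}
AUTHENTICATED = dict(LOGGED, sasl_user="gkaefer2@manual.at")
VIA_FIREWALL = dict(LOGGED, client="203.0.113.10")
```

Calling evaluate() on each session returns the restriction that decided the outcome, which shows where in the list a session without a SASL login reaches the restriction class and where an authenticated one stops.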