access - Postfix SMTP server access table
/etc/postfix/sender_access # # Black/Whitelist for senders matching the 'MAIL FROM' field. Examples... # myfriend@example.com OK junk@spam.com REJECT marketing@ REJECT theboss@ OK deals.marketing.com REJECT somedomain.com OK
in meinem Fall wird marketing@ aber nicht REJECT auch nicht nach einem, postmap /etc/postfix/sender_access
Am 26.01.2019 um 13:24 schrieb Ublun:
/etc/postfix/sender_access # # Black/Whitelist for senders matching the 'MAIL FROM' field. Examples... # myfriend@example.com OK junk@spam.com REJECT marketing@ REJECT theboss@ OK deals.marketing.com REJECT somedomain.com OK
in meinem Fall wird marketing@ aber nicht REJECT auch nicht nach einem, postmap /etc/postfix/sender_access
an die falsche Stelle eingebunden? Vorher schon angenommen? Ohne postconf -n und logs kann man das nicht sagen.
Kleiner Tip: Bei sender_access niemals OK nehmen, sondern eher DUNNO, wenn noch weitere Tests laufen sollen. ... oder "permit_auth_destination".
Ansonsten habe ich gerade keine Glaskugel bei mir.
Danke, hier mal das Log zu "whatifitworks@" im access table und mein postconf -fn
gruss David
Jan 28 13:10:15 ubox postfix/smtpd[8348]: connect from mail-40136.protonmail.ch[185.70.40.136] Jan 28 13:10:16 ubox postfix/smtpd[8348]: 0976720796: client=mail-40136.protonmail.ch[185.70.40.136] Jan 28 13:10:16 ubox postfix/cleanup[8352]: 0976720796: message-id=lnE8slyFjsk3xbA8iOaL4-Ot1XNYpeHJhukXxcKB_0OPY2bUrOey9gE54FE_5pubnLaEAFqpXFlOUlVXBRNj2jT34M4UYKwtuhkylqWE5wA=@protonmail.com
Jan 28 13:10:16 ubox opendkim[1053]: 0976720796: s=default d=protonmail.com SSL Jan 28 13:10:16 ubox postfix/qmgr[7734]: 0976720796: from=whatifitworks@protonmail.com, size=2328, nrcpt=1 (queue active) Jan 28 13:10:16 ubox postfix/smtpd[8348]: disconnect from mail-40136.protonmail.ch[185.70.40.136] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 Jan 28 13:10:37 ubox postfix/local[8353]: 0976720796: to=info.ublun@ubox, orig_to=info@ublun.com, relay=local, delay=21, delays=0.45/0.01/0/21, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME) Jan 28 13:10:37 ubox postfix/qmgr[7734]: 0976720796: removed
postconf -fn alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no compatibility_level = 2 home_mailbox = Maildir/ inet_interfaces = all inet_protocols = all mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 message_size_limit = 50240000 milter_default_action = accept milter_protocol = 2 mydestination = $myhostname, ubox, localhost.ublun.com, localhost myhostname = ubox.ublun.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname non_smtpd_milters = inet:localhost:8891 readme_directory = no recipient_delimiter = + sender_bcc_maps = hash:/etc/postfix/bcc smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = dane smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_client_restrictions = permit_sasl_authenticated check_client_access hash:/etc/postfix/sender_access permit_inet_interfaces reject_unknown_reverse_client_hostname smtpd_enforce_tls = yes smtpd_milters = inet:localhost:8891 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_reverse_client_hostname smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination reject_unknown_reverse_client_hostname smtpd_sasl_auth_enable = yes smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem smtpd_tls_key_file = /etc/postfix/postfix.key.pem smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtual
Am 26.01.19 um 13:24 schrieb Ublun:
/etc/postfix/sender_access # # Black/Whitelist for senders matching the 'MAIL FROM' field. Examples... # myfriend@example.com OK junk@spam.com REJECT marketing@ REJECT theboss@ OK deals.marketing.com REJECT somedomain.com OK
in meinem Fall wird marketing@ aber nicht REJECT auch nicht nach einem, postmap /etc/postfix/sender_access
Hallo David,
Am 28.01.2019 um 13:39 schrieb Ublun:
Danke, hier mal das Log zu "whatifitworks@" im access table und mein postconf -fn> gruss David
Jan 28 13:10:15 ubox postfix/smtpd[8348]: connect from mail-40136.protonmail.ch[185.70.40.136] Jan 28 13:10:16 ubox postfix/smtpd[8348]: 0976720796: client=mail-40136.protonmail.ch[185.70.40.136] Jan 28 13:10:16 ubox postfix/cleanup[8352]: 0976720796: message-id=lnE8slyFjsk3xbA8iOaL4-Ot1XNYpeHJhukXxcKB_0OPY2bUrOey9gE54FE_5pubnLaEAFqpXFlOUlVXBRNj2jT34M4UYKwtuhkylqWE5wA=@protonmail.com
Jan 28 13:10:16 ubox opendkim[1053]: 0976720796: s=default d=protonmail.com SSL Jan 28 13:10:16 ubox postfix/qmgr[7734]: 0976720796: from=whatifitworks@protonmail.com, size=2328, nrcpt=1 (queue active) Jan 28 13:10:16 ubox postfix/smtpd[8348]: disconnect from mail-40136.protonmail.ch[185.70.40.136] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7 Jan 28 13:10:37 ubox postfix/local[8353]: 0976720796: to=info.ublun@ubox, orig_to=info@ublun.com, relay=local, delay=21, delays=0.45/0.01/0/21, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME) Jan 28 13:10:37 ubox postfix/qmgr[7734]: 0976720796: removed
postconf -fn alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no compatibility_level = 2 home_mailbox = Maildir/ inet_interfaces = all inet_protocols = all mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailbox_size_limit = 0 message_size_limit = 50240000 milter_default_action = accept milter_protocol = 2 mydestination = $myhostname, ubox, localhost.ublun.com, localhost myhostname = ubox.ublun.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname non_smtpd_milters = inet:localhost:8891 readme_directory = no recipient_delimiter = + sender_bcc_maps = hash:/etc/postfix/bcc smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = dane smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_client_restrictions = permit_sasl_authenticated check_client_access hash:/etc/postfix/sender_access permit_inet_interfaces reject_unknown_reverse_client_hostname smtpd_enforce_tls = yes smtpd_milters = inet:localhost:8891 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_reverse_client_hostname smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination reject_unknown_reverse_client_hostname smtpd_sasl_auth_enable = yes smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem smtpd_tls_key_file = /etc/postfix/postfix.key.pem smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/virtual
Am 26.01.19 um 13:24 schrieb Ublun:
/etc/postfix/sender_access # # Black/Whitelist for senders matching the 'MAIL FROM' field. Examples... # myfriend@example.com OK junk@spam.com REJECT marketing@ REJECT theboss@ OK deals.marketing.com REJECT somedomain.com OK
in meinem Fall wird marketing@ aber nicht REJECT auch nicht nach einem, postmap /etc/postfix/sender_access
zunächst: whatifitworks@ steht nicht in deiner Liste drin. Die Adresse wird also ignoriert und die Mail korrekterweise zugestellt.
Weiterhin kannst du deine Restriktionen ein wenig aufräumen und übersichtlicher machen:
Du hast smtpd_delay_reject per default auf "yes". Dadurch werden alle Restriktionen erst nach dem RCPT TO bearbeitet.
Du kannst also alles in die smtpd_recipient_restrictions setzen, die Relay-restrictions funktionieren meist per default und müssen nur in besonderen Fällen bearbeitet werden.
Am 28.01.2019 um 13:39 schrieb Ublun:
Danke, hier mal das Log zu "whatifitworks@" im access table und mein postconf -fn smtpd_client_restrictions = permit_sasl_authenticated check_client_access hash:/etc/postfix/sender_access permit_inet_interfaces reject_unknown_reverse_client_hostname
'check_client_access' ist in diesem Zusammenhang falsch. Um nach der E-Mail-Adresse des Absenders zu filtern brauchst Du 'check_sender_access'.
http://www.postfix.org/postconf.5.html#check_client_access http://www.postfix.org/postconf.5.html#check_sender_access
Ja Alex das war die Lösung und greift es jetzt auch,
besten Dank - David
Am 28.01.19 um 14:39 schrieb Alex JOST:
Am 28.01.2019 um 13:39 schrieb Ublun:
Danke, hier mal das Log zu "whatifitworks@" im access table und mein postconf -fn smtpd_client_restrictions = permit_sasl_authenticated check_client_access hash:/etc/postfix/sender_access permit_inet_interfaces reject_unknown_reverse_client_hostname
'check_client_access' ist in diesem Zusammenhang falsch. Um nach der E-Mail-Adresse des Absenders zu filtern brauchst Du 'check_sender_access'.
http://www.postfix.org/postconf.5.html#check_client_access http://www.postfix.org/postconf.5.html#check_sender_access
participants (3)
-
Alex JOST -
Kai Fürstenberg -
Ublun