Prev-20 Home Next-20 7 msg Postfix 2.2.5 on latest Solaris 9 x86 5 msg Postfix Relay, and Pop-before-smtp 12 msg Newb Question 13 msg Best defense against this? 1 msg undelivered mail problem - SOLVED 4 msg Legal local-part 3 msg virtual_alias_domains with mysql: 'User unknown... Submission port (587): howto to use differente ... \ casfre (22 Sep 2007) . \ Reinaldo Carvalho (22 Sep 2007) . \ Noel Jones (22 Sep 2007) . . \ Jorey Bump (22 Sep 2007) . . . \ casfre (22 Sep 2007) . \ Noel Jones (22 Sep 2007) 5 msg When does smtpd_reject_unlisted_recipient kick in? 4 msg Postfix 'falling back' on sasldb? I don't want ... 3 msg Nested access maps (I think ;)) 3 msg Suppression of encoding bad header function in ... 4 msg RE: Catchall ?? 3 msg problem with .forward files + forwarding loops 5 msg Postfix Strange Behaviours 7 msg Content filter question, based upon auth'ed or not 28 msg Mail stuck in active queue for loooong time 11 msg How to stop a user from changing the 'From:' he... 10 msg [Semi-OT] blocked port 465, anywhere? 7 msg chroot problems on Nexenta (OpenSolaris) Prev-20 Home Next-20

Prev-Msg Prev-Thread Postfix-users Sep-2007 Next-Thread Next-Msg Subject: Re: Submission port (587): howto to use differente smtpd_recipient_restrictions in master.cf? Group: Postfix-users From: casfre Date: 22 Sep 2007 Hi, Replying to all that helped. Really thanks to Reinaldo, Noel and Jorey. > > "reject_unknown_domain" isn't a valid restriction. Maybe you mean > > "reject_unknown_sender_domain" or "reject_unknown_recipient_domain"? Noel, my fault. I just "swallowed" the sender/recipient part". Sorry. > > Anyway, do it something like this: > > ## main.cf: > > submission_recipient_restrictions = > > check_recipient_access hash:/etc/postfix/access_reject, > > check_sender_access hash:/etc/postfix/client_access_spam_local > > permit_sasl_authentication, > > reject > > > > ## master.cf > > submission .... smtpd > > -o smtpd_enforce_tls=yes > > -o smtpd_sasl_auth_enable=yes > > -o smtpd_recipient_restrictions=$submission_recipient_restrictions > > Diagnose: my lack of understanding how to "link" main.cf to master.cf. I actually tried to define submission_... in main.cf, but remained stuck in $submission_... in master.cf. I couldn't believe when I read man page again. :-( I didn't realize ( I didn't know actually ) that was possible to use smtpd_restriction_classes, as Reinaldo presented. I mean, "linking" from master.cf to main.cf. Any suggestion of postfix docs to "cure" my lack of understanding about this topic? > > BTW, this is all documented in http://www.postfix.org/master.5.html I read the document again and find where I missed: "In parameter values, either avoid whitespace altogether, use commas instead of spaces, *** or consider overrides like "-o name=$override_parameter" with $over-ride_parameter set in main.cf."*** (grrr :-( ) Now, I know two ways for doing the job, as Reinaldo and Noel told me. Thanks again. > Also, keep in mind that the submission port is expected to be simple and > secure. Restricting its use to authenticated users is usually enough to > prevent abuse. A poorly designed access map could create an open relay, > and if enough of those appear on the Internet, it might become popular > for some networks/ISPs to block port 587, as they commonly do with port 25. I will double my attention here. Actually, I am (now) interested in adding some "always reject" restrictions, like, "always reject mail to these internal lists". I can't reach the server before Monday, but I will test it ASAP. I will post here. Once again, thank you for your attention and patience. Cheers, Freitas Prev-Msg Prev-Thread Postfix-users Sep-2007 Next-Thread Next-Msg

© 2004-2008 readlist.com