| Author |
Message |
/dev/rob0
*nix forums Guru
Joined: 26 Feb 2005
Posts: 361
|
 Posted: Thu Jul 20, 2006 7:44 pm Post subject:
Re: Root relay issue
|
|
|
Top-posting makes the discussion much harder to follow; please don't.
I wrote:
| Quote: | root@mydomain.com permit_mynetworks,reject
This is not what the RESTRICTION_CLASS_README told you to do! The
access(5) lookup has to be a single result, that is, a restriction
class.
|
On Thursday 20 July 2006 14:25, Johnson, S wrote:
And I wrote before looking at RESTRICTION_CLASS_README. There is, in
fact, an example just like yours. I thought the access(5) lookup result
had to be a single restriction.
| Quote: | I'm sure it's root@mydomain having the bulk of issues (According to
the header anyway). I do see a small amount of spam coming in at
|
WHICH header? Delivered-To: ? X-Original-To:? Logs are better because
there's no doubt.
| Quote: | postmaster, but it's not as big... YET. =/ (Can I have 5 minutes
alone with these spammers??)
The maillog has nothing like that at all. I forgot to mention that I
did check the log and it does not like the check_recipient_access. I
get an error:
Jul 20 10:50:26 www postfix/smtpd[8837]: warning: restriction
`check_recipient_access' after `check_relay_domains' is ignored
|
Okay, your lookup is ignored. Also, your "check_relay_domains" is
deprecated.
At this point, as Noel said, we need to see "postconf -n" and the
complete logs for one such mail that you'd like to reject. Since
"postconf -n" excludes your restriction classes, you should also show
those from your main.cf, as well as the relevant contents of any files
to which they refer.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header |
|
| Back to top |
|
 |
Johnson, S
*nix forums beginner
Joined: 20 Jul 2006
Posts: 2
|
| Posted: Thu Jul 20, 2006 7:25 pm Post subject:
RE: Root relay issue
|
|
|
Hmm. I'm lost...?
I'm sure it's root@mydomain having the bulk of issues (According to the
header anyway). I do see a small amount of spam coming in at
postmaster, but it's not as big... YET. =/ (Can I have 5 minutes
alone with these spammers??)
The maillog has nothing like that at all. I forgot to mention that I
did check the log and it does not like the check_recipient_access. I
get an error:
Jul 20 10:50:26 www postfix/smtpd[8837]: warning: restriction
`check_recipient_access' after `check_relay_domains' is ignored
In the URL I sent I'm looking at the section entitled "Protecting
internal email distribution lists" because I don't want to restrict
internal email to this address. If I set the access permission to
restrictive according to the top of the help file, will that prevent
internal email being sent to this address?
Regards,
Scott
-----Original Message-----
From: owner-postfix-users@postfix.org
[mailto:owner-postfix-users@postfix.org] On Behalf Of /dev/rob0
Sent: Thursday, July 20, 2006 2:07 PM
To: postfix-users@postfix.org
Subject: Re: Root relay issue
On Thursday 20 July 2006 13:50, Johnson, S wrote:
| Quote: | Well, I was fine for a couple of years but someone finally figured
out that root at mydomain is a valid email. Now I'm getting all
kinds of spam to my root account. Problem is I use this account to
|
More than likely, they're hitting an alias like postmaster.
| Quote: | report on the server itself. The server sends many emails throughout
the day with health checks and the like. I'd like to lock this
account so that only localhost has the rights to send to this
|
Unfortunately postmaster and abuse are required by RFC. You should
accept mail to those from the outside.
Good, but you have a local copy of that, which is sometimes better to
use: less confusion from new features introduced after your version.
| Quote: | I added check_recipient_access hash:/etc/postfix/access to the
smtpd_recipient_restrictions line in main.cf
Then I went in to the access and added
root@mydomain.com permit_mynetworks,reject
|
This is not what the RESTRICTION_CLASS_README told you to do! The
access(5) lookup has to be a single result, that is, a restriction
class.
| Quote: | then ran postmap on access and restarted postfix. I tried to send an
email to my root account from the outside and it still forwarded it
on to my monitoring account.
Any ideas on what I'm doing wrong?
|
Failing to read your logs, which would have told you this already.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header |
|
| Back to top |
|
|
Noel Jones
*nix forums Guru
Joined: 28 Feb 2005
Posts: 776
|
| Posted: Thu Jul 20, 2006 7:15 pm Post subject:
Re: Root relay issue
|
|
|
At 01:50 PM 7/20/2006, Johnson, S wrote:
| Quote: | Well, I was fine for a couple of years but someone finally
figured out that root at mydomain is a valid email. Now
I'm getting all kinds of spam to my root account. Problem
is I use this account to report on the server itself. The
server sends many emails throughout the day with health
checks and the like. I'd like to lock this account so
that only localhost has the rights to send to this account.
I dug around a bit and found this piece of documentation:
http://www.postfix.org/RESTRICTION_CLASS_README.html>http://www.postfix.org/RESTRICTION_CLASS_README.html
I added check_recipient_access hash:/etc/postfix/access to
the smtpd_recipient_restrictions line in main.cf
Then I went in to the access and added
mailto:root@mydomain.com>root@mydomain.com
permit_mynetworks,reject
then ran postmap on access and restarted postfix. I tried
to send an email to my root account from the outside and
it still forwarded it on to my monitoring account.
Any ideas on what I'm doing wrong?
|
[plain text only please]
Your general description above of what you have done sounds
correct.
We can't debug any further without "postconf -n" output and
logs showing the problem.
--
Noel Jones |
|
| Back to top |
|
|
/dev/rob0
*nix forums Guru
Joined: 26 Feb 2005
Posts: 361
|
| Posted: Thu Jul 20, 2006 7:06 pm Post subject:
Re: Root relay issue
|
|
|
On Thursday 20 July 2006 13:50, Johnson, S wrote:
| Quote: | Well, I was fine for a couple of years but someone finally figured
out that root at mydomain is a valid email. Now I'm getting all
kinds of spam to my root account. Problem is I use this account to
|
More than likely, they're hitting an alias like postmaster.
| Quote: | report on the server itself. The server sends many emails throughout
the day with health checks and the like. I'd like to lock this
account so that only localhost has the rights to send to this
|
Unfortunately postmaster and abuse are required by RFC. You should
accept mail to those from the outside.
Good, but you have a local copy of that, which is sometimes better to
use: less confusion from new features introduced after your version.
| Quote: | I added check_recipient_access hash:/etc/postfix/access to the
smtpd_recipient_restrictions line in main.cf
Then I went in to the access and added
root@mydomain.com permit_mynetworks,reject
|
This is not what the RESTRICTION_CLASS_README told you to do! The
access(5) lookup has to be a single result, that is, a restriction
class.
| Quote: | then ran postmap on access and restarted postfix. I tried to send an
email to my root account from the outside and it still forwarded it
on to my monitoring account.
Any ideas on what I'm doing wrong?
|
Failing to read your logs, which would have told you this already.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header |
|
| Back to top |
|
|
Johnson, S
*nix forums beginner
Joined: 20 Jul 2006
Posts: 2
|
| Posted: Thu Jul 20, 2006 6:50 pm Post subject:
Root relay issue
|
|
|
Well, I was fine for a couple of years but someone finally figured out
that root at mydomain is a valid email. Now I'm getting all kinds of
spam to my root account. Problem is I use this account to report on the
server itself. The server sends many emails throughout the day with
health checks and the like. I'd like to lock this account so that only
localhost has the rights to send to this account.
I dug around a bit and found this piece of documentation:
http://www.postfix.org/RESTRICTION_CLASS_README.html
I added check_recipient_access hash:/etc/postfix/access to the
smtpd_recipient_restrictions line in main.cf
Then I went in to the access and added
root@mydomain.com permit_mynetworks,reject
then ran postmap on access and restarted postfix. I tried to send an
email to my root account from the outside and it still forwarded it on
to my monitoring account.
Any ideas on what I'm doing wrong?
TIA!
Scott |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Postfix
