|
|
|
|
|
|
| Author |
Message |
Félix Martos Trenado
*nix forums beginner
Joined: 18 Jul 2006
Posts: 3
|
 Posted: Thu Jul 20, 2006 3:33 pm Post subject:
Problems with relay control
|
|
|
Hi,
I'm having what I think are strange problems with relay control. Postfix
is ignoring access file
I've the following configuration of postfix:
postconf -n
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[localhost]:10025
daemon_directory = /usr/lib/postfix
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.1.4/html
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydomain = midominio.com
myhostname = perejil.$mydomain
mynetworks = 127.0.0.1, 192.168.0.0/22
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.4/README_FILES
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
sample_directory = /usr/share/doc/postfix-2.1.4/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/access, permit_mynetworks
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
hash:/etc/postfix/virtual
virtual_create_maildirsize = yes
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps..cf
virtual_mailbox_limit = 51200000
virtual_mailbox_limit_maps =
mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn
his diskspace quota, please try again later. Lo sentimos, el usuario ha
superado su quota, intentelo mas tarde, por favor.
virtual_minimum_uid = 1001
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_uid_maps = static:1001
I have syncronized /etc/postfix/access and its access.db (postmap).
Restarted postfix with this configuration. /etc/postfix/access list the
IP of the office internet connection.
But when I try to send an email from this office (by the public address)
Postfix rejects the mail with a: 554 Relay access denied
Jul 20 16:38:54 perejil postfix/smtpd[1483]: NOQUEUE: reject: RCPT from
XXXXXXXXXXXXXXXXXXXXXXx[XXX.YYY.ZZZ.WWW]:554 <nadie@gmail.com>: Relay
access denied; from=<nadie@midominio.com> to=<nadie@gmail.com>
proto=SMTP helo=<midominio.com>
And when trying by VPN in 192.168.0.0/22, it works....
So I tried deleting the
check_client_access hash:/etc/postfix/access
from smtpd_client_restrictions
And changed the mynetwork to:
mynetworks = /etc/postfix/access
And everything worked as it should from the beginning... So, Postfix is
ignoring the check_client_access hash:/etc/postfix/access
I checked this several times by changing this file and restarting
postfix. And ignored completely the changes
Any idea of why this strange behaviour?
Thanks
--
Félix Martos
Departamento Técnico 24x7
Grupo ITouch Movilisto España S.L.
C/ Cinca, 19
28002 Madrid
Tel: 902 933 777 Fax: 902 933 620
Este mensaje y cualquiera de sus ficheros anexos puede contener información confidencial y/o privilegiada. Si usted no es el destinatario de este mensaje o ha recibido este mensaje por error, por favor, informe inmediatamente al emisor y destruya esta comunicación. Está estrictamente prohibido realizar sin autorización cualquier copia, revelación o distribución de este mensaje. Las opiniones expresadas en este correo son las de su autor, y el Grupo iTouch Movilisto España, S.L. no se responsabiliza de su contenido.
This e-mail and any attached files may contain confidential and/or privileged information. If you are not the intended recipient, or have received this e-mail in error, please notify the sender immediately and destroy this communication. It is strictly forbidden to copy, disclose or distribute all or part of this e-mail. The comments, ideas and points of view expressed in this e-mail are solely those of the author and may not necessarily be supported by the company. Grupo iTouch Movilisto España, S.L. accepts no liability for the content of this e-mail. |
|
| Back to top |
|
 |
Victor Duchovni
*nix forums Guru
Joined: 28 Feb 2005
Posts: 2927
|
| Posted: Thu Jul 20, 2006 4:02 pm Post subject:
Re: Problems with relay control
|
|
|
On Thu, Jul 20, 2006 at 05:33:34PM +0200, F?lix Martos Trenado wrote:
| Quote: | smtpd_client_restrictions =
check_client_access hash:/etc/postfix/access,
|
This can only block, any "permit" rules have no effect, they don't
precede any rules that block.
This is entirely unnecessary, the result is the same if you leave it
out.
So the above is only useful for blocking, it cannot be used to permit
relaying. Relay control is via smtpd_recipient_restrictions.
| Quote: | And when trying by VPN in 192.168.0.0/22, it works....
|
Also CIDR syntax is not supported in indexed tables.
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain the Unix email
environment. If you are interested, please drop me a note.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly. |
|
| Back to top |
|
|
Félix Martos Trenado
*nix forums beginner
Joined: 18 Jul 2006
Posts: 3
|
| Posted: Thu Jul 20, 2006 4:32 pm Post subject:
Re: Problems with relay control
|
|
|
Victor Duchovni escribió:
| Quote: | On Thu, Jul 20, 2006 at 05:33:34PM +0200, F?lix Martos Trenado wrote:
smtpd_client_restrictions >> check_client_access hash:/etc/postfix/access,
This can only block, any "permit" rules have no effect, they don't
precede any rules that block.
Anyway, if a leave a line as: |
smtpd_client_restrictions
Wich is suposed to be a open relay... I can't access from any other
client than those in mynetwork
| Quote: | permit_mynetworks
This is entirely unnecessary, the result is the same if you leave it
out.
I know... anyway Postfix ignores completely the line
So the above is only useful for blocking, it cannot be used to permit
relaying. Relay control is via smtpd_recipient_restrictions.
|
--
Félix Martos
Departamento Técnico 24x7
Grupo ITouch Movilisto España S.L.
C/ Cinca, 19
28002 Madrid
Tel: 902 933 777 Fax: 902 933 620
Este mensaje y cualquiera de sus ficheros anexos puede contener información confidencial y/o privilegiada. Si usted no es el destinatario de este mensaje o ha recibido este mensaje por error, por favor, informe inmediatamente al emisor y destruya esta comunicación. Está estrictamente prohibido realizar sin autorización cualquier copia, revelación o distribución de este mensaje. Las opiniones expresadas en este correo son las de su autor, y el Grupo iTouch Movilisto España, S.L. no se responsabiliza de su contenido.
This e-mail and any attached files may contain confidential and/or privileged information. If you are not the intended recipient, or have received this e-mail in error, please notify the sender immediately and destroy this communication. It is strictly forbidden to copy, disclose or distribute all or part of this e-mail. The comments, ideas and points of view expressed in this e-mail are solely those of the author and may not necessarily be supported by the company. Grupo iTouch Movilisto España, S.L. accepts no liability for the content of this e-mail. |
|
| Back to top |
|
|
Victor Duchovni
*nix forums Guru
Joined: 28 Feb 2005
Posts: 2927
|
| Posted: Thu Jul 20, 2006 4:42 pm Post subject:
Re: Problems with relay control
|
|
|
On Thu, Jul 20, 2006 at 06:32:08PM +0200, F?lix Martos Trenado wrote:
| Quote: | Anyway, if a leave a line as:
smtpd_client_restrictions =
Wich is suposed to be a open relay... I can't access from any other
client than those in mynetwork
|
The above premise is false. From a false premise one can reach false
conclusions.
The relay control is in smtpd_recipient_restrictions. An empty client
restrictions list is the default setting and is NOT an open relay. Get
a Postfix book or google for a good Postfix restrictions tutorial.
--
Viktor.
P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain the Unix email
environment. If you are interested, please drop me a note.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly. |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Mon Dec 01, 2008 7:14 pm | All times are GMT
|
|
Car Credit | Loans | Internet Advertising | Remortgages | WesternUnion
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Postfix
