Results 1 to 6 of 6

Thread: Postfix: reject all senders except one mail address

Hybrid View

  1. #1
    bendeichp NNTP User

    Postfix: reject all senders except one mail address


    Hi Forum,

    is that even possible to accomplish?

    I started with:


    Code:
    --------------------


    $ postconf | grep smtpd_sender_restrictions
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access

    $ cat access
    allowed@dom.ain OK
    * REJECT

    --------------------


    But wildcard "*" seems to be no available char in the access table, I
    tried something different (First one matches wins, right?):

    Code:
    --------------------

    allowed@dom.ain OK
    127.0.0.1 REJECT
    localhost REJECT

    --------------------


    Also didn't work.

    Even this config

    Code:
    --------------------

    127.0.0.1 REJECT
    localhost REJECT

    --------------------

    let me send mails via "-telnet localhost 25-"

    Of course after every change I did a -postmap access- and restarted
    postfix...

    Any suggestions?

    Thanks in advance,
    Pascal


    --
    "Have you tried turn it off and on again?"
    ------------------------------------------------------------------------
    bendeichp's Profile: http://forums.novell.com/member.php?userid=62174
    View this thread: http://forums.novell.com/showthread.php?t=448404


  2. #2
    bendeichp NNTP User

    Re: Postfix: reject all senders except one mail address


    After some testing i figured out, one way is to use regexp.
    Here are the parts, that I changed and which are different now from the
    default sles config:



    Code:
    --------------------

    main.cf:
    mynetworks_style = host
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/access
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination

    access:
    !/^noreply@dom.ain$/ REJECT

    --------------------


    With this config, only smtp connections from localhost are accepted and
    only one sender address: noreply@dom.ain.
    That was my intention

    Cheers,
    Pascal


    --
    "Have you tried turn it off and on again?"
    ------------------------------------------------------------------------
    bendeichp's Profile: http://forums.novell.com/member.php?userid=62174
    View this thread: http://forums.novell.com/showthread.php?t=448404


  3. #3
    MoserHans NNTP User

    Re: Postfix: reject all senders except one mail address


    bendeichp;2155509 Wrote:
    > After some testing i figured out, one way is to use regexp.
    > Here are the parts, that I changed and which are different now from the
    > default sles config:
    >
    >
    > >

    Code:
    --------------------
    > >

    > main.cf:
    > mynetworks_style = host
    > smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/access
    > smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination

    --------------------
    > >

    It is better style to just use smtpd_recipient_restrictions and collect
    all your restrictions there.

    Code:
    --------------------
    smtpd_recipient_restrictions = check_sender_access regexp:/etc/postfix/access,
    permit_mynetworks,
    reject_unauth_destination
    --------------------


    > With this config, only smtp connections from localhost are accepted and
    > only one sender address: noreply@dom.ain.
    > That was my intention

    To restrict connecting host use check_client_access, that is why you IP
    address try failed - the sending IP address is not the "sender", it the
    client.
    But if you only want localhost to connect, you can restict the listing
    interfaces to localhost by inet_interfaces = loopback-only


    --
    MoserHans
    ------------------------------------------------------------------------
    MoserHans's Profile: http://forums.novell.com/member.php?userid=53101
    View this thread: http://forums.novell.com/showthread.php?t=448404


  4. #4
    bendeichp NNTP User

    Re: Postfix: reject all senders except one mail address


    > It is better style to just use smtpd_recipient_restrictions and collect
    > all your restrictions there.

    Even it seems very logical to me, to put sender related restrictions to
    "smtpd_sender_restrictions" it's changed for better style:


    > But if you only want localhost to connect, you can restict the listing
    > interfaces to localhost by inet_interfaces = loopback-only

    IMHO the man page said, that "mynetworks_style = host" will have the
    same effect. Like always, there are many ways

    Thanks,
    Pascal


    --
    "Have you tried turn it off and on again?"
    ------------------------------------------------------------------------
    bendeichp's Profile: http://forums.novell.com/member.php?userid=62174
    View this thread: http://forums.novell.com/showthread.php?t=448404


  5. #5
    MoserHans NNTP User

    Re: Postfix: reject all senders except one mail address


    bendeichp;2156160 Wrote:
    > Even it seems very logical to me, to put sender related restrictions to
    > "smtpd_sender_restrictions" it's changed for better style:

    OK, but "permit_mynetworks" is what, a recipient_restriction? No, it is
    a client_restriction, because it restricts the connecting hosts. But you
    put it in "smtpd_recipient_restrictions", right?
    By putting all restrictions in *recipient* you have full control over
    the order in which the restrictions take place, you can have
    client_restrictions after sender_restriction, what you can not do by
    dividing the restrictions. Do you see, what I mean?
    Have a look at 'Postfix SMTP relay and access control'
    (http://www.postfix.org/SMTPD_ACCESS_README.html)
    All restrictions but smtpd_recipient_restrictions are optional, even
    though all restriction are only evaluated after RCTP TO anyway:> Current Postfix versions postpone the evaluation of client, helo and
    > sender restriction lists until the RCPT TO or ETRN command.


    > IMHO the man page said, that "mynetworks_style = host" will have the
    > same effect. Like always, there are many ways

    No, not really:
    > Specify "mynetworks_style = host" when Postfix should "trust" only the
    > local machine.

    mynetworks and mynetworks_style influence the permit_mynetworks
    restriction, not more. Port 25 is still accessable from anywhere else in
    the network. Whereas inet_interfaces restricts the opened ports to the
    network itself. This is a huge difference.


    --
    MoserHans
    ------------------------------------------------------------------------
    MoserHans's Profile: http://forums.novell.com/member.php?userid=53101
    View this thread: http://forums.novell.com/showthread.php?t=448404


  6. #6
    bendeichp NNTP User

    Re: Postfix: reject all senders except one mail address


    Hi,

    thanks for the explication.
    > Have a look at Postfix SMTP relay and access control

    I'll do that

    Cheers,
    Pascal


    --
    "Have you tried turn it off and on again?"
    ------------------------------------------------------------------------
    bendeichp's Profile: http://forums.novell.com/member.php?userid=62174
    View this thread: http://forums.novell.com/showthread.php?t=448404


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •