Guy wrote:
> Hi,
> 
> I've got two gateway servers running postfix in front of the main mail
> servers and I want to start only accepting mail for valid recipients.
> 
> From what I've read, adding check_recipient_access to my
> smtpd_recipient_restrictions is the best way of doing this.
> In hash terms the file would look like this:
> [EMAIL PROTECTED]       OK
> But I'd rather use mysql to do a lookup and see if an address is
> valid, what should the query look like?
> SELECT 'OK' FROM postfix WHERE username='%n'
> or
> SELECT IF((SELECT email FROM postfix WHERE username='%n') = '', 'REJECT', 'OK')
> 
> Is there a better way to do the recipient validation? And is there a
> section in the documentation that covers how hash files etc are read?
> Figuring out the necessary MySQL query would be easier if I knew what
> postfix was looking for in a given instance. I've included my postconf
> -n below in case it would help.
> 

recipient validation uses the list of recipients for each domain class:
- if the domain is in mydestination, the list is local_recipients
- if the domain is in relay_domains, the list is relay_domain_recipients
- if the domain is in virtual_mailbox_domains, the list is
virtual_mailbox_maps
- if the domain is in virtual_alias_domains, then users must be listed
in virtual_alias_domains, and after recursive expansion, must be
rewritten to an address in another domain class.

Note that addresses in virtual_alias_maps are considered valid, whatever
the domain class is (virtual_alias_maps apply to all domains).

so you don't need to use check_recipient_access.

in all the lists except virtual_alias_maps, the return value is not used
and may be set to whatever string you like (I like returning the domain
class).

since you are relaying mail to another server, the "standard" setup is
to list the domains in relay_domains. Then list the users in
relay_recipient_maps:

relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients

== relay_domains:
example.com     whateveryouwant

== relay_recipients:
[EMAIL PROTECTED]       whateveryouwant

so with mysql, you can simply do something like
        select 'y' from User where '%u' = user and '%d' = domain
or
        select 'y' from User where '%s' = user
depending on how you store your email addresses.

you can set up transport entries:
example.com     relay:[piranha.aluminati.org]


> Thanks
> Guy
> 
> [EMAIL PROTECTED]:~# postconf -n
> 2bounce_notice_recipient = [EMAIL PROTECTED]
> anvil_rate_time_unit = 60s
> bounce_notice_recipient = [EMAIL PROTECTED]
> bounce_template_file = /etc/postfix/bounce.cf
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> cyrus_sasl_config_path = /etc/postfix/sasl/
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 30
> delay_notice_recipient = [EMAIL PROTECTED]
> error_notice_recipient = [EMAIL PROTECTED]
> home_mailbox = .maildir/
> html_directory = /usr/share/doc/postfix-2.2.10/html
> mail_owner = postfix
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> maps_rbl_domains = sbl-xbl.spamhaus.org
> message_size_limit = 31240000
> mynetworks = 127.0.0.0/8, 72.9.230.26, 10.0.7.184, 209.51.134.106
> newaliases_path = /usr/bin/newaliases
> proxy_read_maps = $local_recipient_maps $mydestination
> $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps
> $relay_domains $canonical_maps $sender_canonical_maps
> $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
> $virtual_alias_maps
> queue_directory = /var/spool/postfix
> rbl_reply_maps = hash:/etc/postfix/rbl_reply
> readme_directory = /usr/share/doc/postfix-2.2.10/readme
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_client_connection_count_limit = 30
> smtpd_client_connection_rate_limit = 30
> smtpd_client_message_rate_limit = 100
> smtpd_client_recipient_rate_limit = 50
> smtpd_error_sleep_time = 1s
> smtpd_hard_error_limit = 20
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,      reject_invalid_hostname,
> reject_non_fqdn_sender, reject_unknown_sender_domain,
> reject_unauth_destination,      check_client_access
> cidr:/etc/postfix/postfix-dnswl-permit,       reject_rbl_client
> zen.spamhaus.org,     reject_rbl_client bl.spamcop.net,
> reject_rbl_client psbl.surriel.com,     reject_rhsbl_client
> zen.spamhaus.org,     reject_rhsbl_client bl.spamcop.net,
> check_policy_service inet:127.0.0.1:10031,      permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_path = smtpd
> smtpd_sasl_security_options = noanonymous
> smtpd_soft_error_limit = 10
> smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
> smtpd_tls_cert_file = /etc/ssl/certs/imapd.pem
> smtpd_tls_key_file = /etc/ssl/private/imapd.pem
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/etc/postfix/virtual_transport_maps
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps =
> proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> proxy:mysql:/etc/postfix/mysql_virtual_catchall_maps.cf
> virtual_mailbox_domains = 
> proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_transport = smtp:piranha.aluminati.org
> 
> 
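
An added example, not part of the original message: a small Python model (SQLite standing in for MySQL) of the reply's point that a recipient list only checks whether the lookup returns a result. It compares the existence-style query from the reply with an IF(...)-style query like the one in the question, which returns a row for every address and would therefore list every recipient. The sample rows, helper names and reply strings are assumptions for illustration.

```python
import sqlite3

# Constructed sample data; table and column names follow the reply's query.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE User (user TEXT, domain TEXT)")
db.executemany("INSERT INTO User VALUES (?, ?)",
               [("alice", "example.com"), ("bob", "example.com")])

# Existence-style query from the reply: a row comes back only for known users.
# :u and :d play the role of Postfix's %u (local part) and %d (domain).
EXISTS_QUERY = "SELECT 'y' FROM User WHERE :u = user AND :d = domain"

# Shape of the IF(...) query from the question, written with CASE because
# SQLite is used here. A SELECT without FROM always yields exactly one row,
# and for an unknown user the subquery is NULL, so the ELSE branch is taken.
ALWAYS_ROW_QUERY = """
SELECT CASE WHEN (SELECT user FROM User WHERE :u = user AND :d = domain) = ''
            THEN 'REJECT' ELSE 'OK' END
"""

def map_lookup(query, address):
    """Return the map result for address, or None when no row matches."""
    local, sep, domain = address.rpartition("@")
    if not sep:                      # bare local part, no domain given
        local, domain = address, ""
    row = db.execute(query, {"u": local, "d": domain}).fetchone()
    return None if row is None else row[0]

def recipient_listed(query, address):
    """Recipient-list semantics: any result means listed; the value is ignored."""
    return map_lookup(query, address) is not None

def smtp_reply(query, address):
    """Illustrative RCPT TO answer under this model (not Postfix's exact text)."""
    if recipient_listed(query, address):
        return "250 recipient ok"
    return "550 recipient rejected: <%s>" % address

if __name__ == "__main__":
    for name, q in (("exists", EXISTS_QUERY), ("always-row", ALWAYS_ROW_QUERY)):
        for rcpt in ("alice@example.com", "nobody@example.com"):
            print(name, rcpt, "->", smtp_reply(q, rcpt))
```

On a real gateway the same check can be made against the actual map with `postmap -q`, which prints nothing and exits non-zero when the key is not found.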
