Re: postfix access map

Mon, 20 Feb 2017 01:33:07 -0800 


On 20.02.2017 09:35, Dominic Raferd wrote:




On 20 February 2017 at 07:58, Admin Beckspaced <ad...@beckspaced.com 
<mailto:ad...@beckspaced.com>> wrote:


    Dear Postfix users,

    First a belated BIG THANK YOU to Wietse and his 20 years of
    Postfix. You're awesome!

    Second:

    I'm running Postfix version 2.11.6 and have setup an access map of
    sender email addresses

    someu...@somedomain.com <mailto:someu...@somedomain.com> OK

    then doing a postmap on the access map and in the main.cf
    <http://main.cf> I setup the following:

    smtpd_sender_restrictions =
    ​​
    hash:/etc/postfix/access

    and later in the main.cf <http://main.cf> I setup some recipient
    restrictions with checks on RBL

    smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
        ...
        reject_rbl_client bl.spamcop.net <http://bl.spamcop.net>,
    reject_rbl_client zen.spamhaus.org <http://zen.spamhaus.org>,
        ...
        permit

    Now I thought whenever I got an email from a sender listed in the
    access map it will always get delivered, because of the OK action,
    and will skip checks in the smtpd_recipient_restrictions?

    but today a customer send me the following:

    From: Mail Delivery System
    Sent: Sunday, February 19, 2017 10:22 AM
    To: someu...@somedomain.com <mailto:someu...@somedomain.com>
    Subject: Undelivered Mail Returned to Sender

    This is the mail system at host mailout04.t-online.de
    <http://mailout04.t-online.de>.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to postmaster.

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

                      The mail system

    <i...@traenen123.com <mailto:i...@traenen123.com>>: host
    mail.beckspaced.com <http://mail.beckspaced.com>[78.46.161.3]
    said: 554 5.7.1
       Service unavailable; Client host [194.25.134.18] blocked using
    bl.spamcop.net <http://bl.spamcop.net>; Blocked - see
    http://www.spamcop.net/bl.shtml?194.25.134.18
    <http://www.spamcop.net/bl.shtml?194.25.134.18>
       (in reply to RCPT TO command)

    and the sender was the email address listed in the access map.

    So I thought that email in the access map will never make it to
    the RBL checks and always will pass as OK?

    Is there anything I need to think of to make it work? Whitelist an
    email address to always get accepted?



An 'OK' in your access file only causes emails which match it to skip 
further tests that occur in the one restriction list in which you have 
mentioned it i.e. sender_restrictions. It doesn't affect the separate 
restriction list 'recipient_restrictions' in which you have your RBLs 
(or any other restriction lists). The solution is to duplicate or move 
hash:/etc/postfix/access to being inside recipient_restrictions but 
above your RBL checks.


Thanks,


I always had the impression that an OK will skip all further tests in 
any restrictions lists following.


I now added in smtpd_recipient_restrictions before the RBL checks

check_sender_access hash:/etc/postfix/access

which will do what I want.


Is there perhaps any action which let's me pass all following 
restriction lists?


Thanks & greetings
Becki
























					Reply via email to