On Sun, Mar 26, 2023 at 02:53:42PM -0700, Doug Hardie wrote:

> >    inline:{{digitalinsight.firefightersfirstcreditunion.org = permit_auth_destination}}
> >  or
> >    inline:{digitalinsight.firefightersfirstcreditunion.org=permit_auth_destination}
> > 
> > Per the documentation:
> > 
> >    http://www.postfix.org/DATABASE_README.html
> > 
> >        "inline:{ key=value, { key = text with whitespace or comma }}
> 
> 
> I found the = didn't work.

This is sadly without any configuration or error message details. So not
actionable.  The suggested inline:{{key = value}} replacement will work
if implemented correctly.

    # Best to rename to "incoming_recipient_restrictions", here, and in master.cf.
    incoming_smtpd_restrictions =
            check_policy_service inet:127.0.0.1:10040,
            reject_invalid_hostname,
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            check_sender_access inline:{
                {digitalinsight.firefightersfirstcreditunion.org = permit_auth_destination}
            },
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            reject_unauth_pipelining,
            permit_mynetworks,
            check_recipient_access hash:/usr/local/etc/postfix/tempfail,
            reject_unauth_destination,
            reject_unlisted_recipient
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client b.barracudacentral.org,
            reject_rbl_client zen.spamhaus.org,
            permit

> So I tried the example in the access(5) man page.

What example?

> smtpd      pass  -       -       n       -       50       smtpd
>   -o smtpd_recipient_restrictions=$incoming_smtpd_restrictions
> 
> incoming_smtpd_restrictions =
>         check_policy_service inet:127.0.0.1:10040,
>         reject_invalid_hostname,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         check_sender_access hash:/usr/local/etc/postfix/access
>         reject_unknown_sender_domain,

This will reject the domain.

>         reject_unknown_recipient_domain,
>         reject_unauth_pipelining,
>         permit_mynetworks,
>         check_recipient_access hash:/usr/local/etc/postfix/tempfail,
>         reject_unauth_destination,
>         reject_unlisted_recipient
>         reject_rbl_client bl.spamcop.net,
>         reject_rbl_client b.barracudacentral.org,
>         reject_rbl_client zen.spamhaus.org,
>         permit
> 
> the contents of access:
> 
> #       Firefighters CU has missing DNS
> 156.55.193.213          OK

That's not a sender [email] address.  Also the "RHS" is too permissive,
you probably want (just in case) not "OK" but "permit_auth_destination"
(though your "smtpd_relay_restrictions" may keep you out of trouble,
best to be sure).

Perhaps you meant to instead use:

    check_client_access hash:/usr/local/etc/postfix/access

-- 
    Viktor.
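
The points made in the reply above, as an added example that is not part of the original message and is not Postfix code: a simplified Python model of first-match restriction evaluation, showing which key each access check looks up and how "OK" differs from "permit_auth_destination". The local domain example.net, the sender localpart, the non-local recipient and all helper names are assumptions; smtpd_relay_restrictions is not modelled.

```python
# Added example, not Postfix code: simplified first-match model; names are constructed.
LOCAL_DOMAINS = {"example.net"}  # assumed: domains this server accepts mail for
NO_DNS = {"digitalinsight.firefightersfirstcreditunion.org"}  # sender domain missing DNS

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def auth_destination(s):
    return domain(s["rcpt"]) in LOCAL_DOMAINS

def act(action, s):  # access-table right-hand side -> verdict (None = keep going)
    if action == "OK":
        return "permit"  # unconditional: later reject_unauth_destination never runs
    if action == "permit_auth_destination":
        return "permit" if auth_destination(s) else None
    raise ValueError(action)

def check_sender_access(table):
    def check(s):  # simplified: keys tried are the full sender address, then its domain
        for key in (s["sender"].lower(), domain(s["sender"])):
            if key in table:
                return act(table[key], s)
    return check

def check_client_access(table):
    def check(s):  # simplified: exact client IP only
        if s["client"] in table:
            return act(table[s["client"]], s)
    return check

def reject_unknown_sender_domain(s):
    return "reject" if domain(s["sender"]) in NO_DNS else None

def reject_unauth_destination(s):
    return None if auth_destination(s) else "reject"

def evaluate(access_check, s):
    for r in (access_check, reject_unknown_sender_domain, reject_unauth_destination):
        verdict = r(s)  # relevant subset of the thread's list; first verdict wins
        if verdict:
            return verdict
    return "permit"  # the list in the thread ends with "permit"

SENDER = "alerts@digitalinsight.firefightersfirstcreditunion.org"  # constructed
LOCAL = {"client": "156.55.193.213", "sender": SENDER, "rcpt": "user@example.net"}
RELAY = dict(LOCAL, rcpt="someone@elsewhere.example")  # non-local recipient
IP_OK = {"156.55.193.213": "OK"}
IP_PAD = {"156.55.193.213": "permit_auth_destination"}
DOM_PAD = {domain(SENDER): "permit_auth_destination"}
```

In this model, `evaluate(check_sender_access(IP_OK), LOCAL)` is rejected because an IP key never matches a sender address, `evaluate(check_client_access(IP_OK), RELAY)` is permitted even though the recipient is not local, and the two `permit_auth_destination` tables permit `LOCAL` while `RELAY` is still rejected.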