Re: not working smtpd_recipient_restrictions implementation - postFIXED!
Thank you to all who answered. I learnt from each of the three emails. My config file was seriously wonky (I have become a spam reader -- oh and aparrently spam sender) so it took some persuading but at least for now this particular dragon is slain. Wietse, you belong on Mount Olympus. Best wishes and thanks to all Eric Wietse Venema previously_wrote on Wed-02-Jun 21 7:34PM > Eric Smith: > > Dear fixers, > > > > My postfix ability has dissapated over many years without use :-( > > > > I tried and failing to REJECT an unwanted domain from accessing postfix > > through this in main.cf > > > > smtpd_recipient_restrictions = permit_mynetworks, > > Postfix won't reject mail from your network. > > > permit_sasl_authenticated, > > Postfix won't reject mail from an authenticated client. > > > check_sender_access > > hash:/etc/postfix/sender_access, > > This applies only if the client did not match permit_mynetworks > and did not match permit_sasl_authenticated. > > Wietse > > > reject_unauth_destination, > > reject_rbl_client zen.spamhaus.org, > > reject_rhsbl_reverse_client dbl.spamhaus.org, > > ... > > > > > > /etc/postfix/sender_access > > example2.org REJECT > > unwelcome.tld REJECT > > END > > > > % postmap /etc/postfix/sender_access > > > > % ls /etc/postfix/sender_access* > > sender_access sender_access.db > > > > % sudo postfix restart > > > > > > I wonder if there are any clues here to what I am doing wrong or where I > > might try to fix this. > > > > Thank you in advance and best wishes > > Eric > >
Re: not working smtpd_recipient_restrictions implementation
On Wed, Jun 02, 2021 at 06:55:26PM +0200, Eric Smith wrote: > My postfix ability has dissapated over many years without use :-( > > I tried and failing to REJECT an unwanted domain from accessing postfix > through this in main.cf > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > check_sender_access hash:/etc/postfix/sender_access, > reject_unauth_destination, It is best to list "check_sender_access ..." *after* "reject_unauth_destination": reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, otherwise you risk open-relay accidents. Basically put "reject_unauth_destination" as early as possible in the restriction list. You may be protected by "smtpd_relay_restrictions", but if that's explicitly set empty, "smtpd_recipient_restrictions" is your last line of defense. -- Viktor.
Re: not working smtpd_recipient_restrictions implementation
Eric Smith: > Dear fixers, > > My postfix ability has dissapated over many years without use :-( > > I tried and failing to REJECT an unwanted domain from accessing postfix > through this in main.cf > > smtpd_recipient_restrictions = permit_mynetworks, Postfix won't reject mail from your network. > permit_sasl_authenticated, Postfix won't reject mail from an authenticated client. > check_sender_access > hash:/etc/postfix/sender_access, This applies only if the client did not match permit_mynetworks and did not match permit_sasl_authenticated. Wietse > reject_unauth_destination, > reject_rbl_client zen.spamhaus.org, > reject_rhsbl_reverse_client dbl.spamhaus.org, > ... > > > /etc/postfix/sender_access > example2.org REJECT > unwelcome.tld REJECT > END > > % postmap /etc/postfix/sender_access > > % ls /etc/postfix/sender_access* > sender_access sender_access.db > > % sudo postfix restart > > > I wonder if there are any clues here to what I am doing wrong or where I > might try to fix this. > > Thank you in advance and best wishes > Eric >
Re: not working smtpd_recipient_restrictions implementation
On 06-02-2021 12:55 pm, Eric Smith wrote: Dear fixers, My postfix ability has dissapated over many years without use :-( I tried and failing to REJECT an unwanted domain from accessing postfix through this in main.cf Does anything show in the mail logs when it receives an email from the blocked domain that could give a clue? Any warnings on trying to access the sender access map? It is also possible to turn on full debugging in the logs which will explain postfix decision process when deciding to accept or reject an email. It shows step by step each matching attempt between the address and the records in the maps. http://www.postfix.org/DEBUG_README.html
not working smtpd_recipient_restrictions implementation
Dear fixers, My postfix ability has dissapated over many years without use :-( I tried and failing to REJECT an unwanted domain from accessing postfix through this in main.cf smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_sender_access hash:/etc/postfix/sender_access, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, ... /etc/postfix/sender_access example2.org REJECT unwelcome.tld REJECT END % postmap /etc/postfix/sender_access % ls /etc/postfix/sender_access* sender_access sender_access.db % sudo postfix restart I wonder if there are any clues here to what I am doing wrong or where I might try to fix this. Thank you in advance and best wishes Eric