Re: Transport to non-standard external port
On Tue, Jul 14, 2020 at 05:21:08PM -0700, Daniel Miller wrote: > Given a recipient address in the form "s123...@example.com", and I'm > given the IP and port, do I just need to define an entry in my transport > map? E.g.: > > s123...@example.com 1.2.3.4:5525 You probably won't be surprised to learn that the primary purpose of the transport(5) table is to select a *transport* for the given lookup key. http://www.postfix.org/transport.5.html RESULT FORMAT The lookup result is of the form transport:nexthop. The transport field specifies a mail delivery transport such as smtp or local. The nexthop field specifies where and how to deliver mail. The transport field specifies the name of a mail delivery transport (the first name of a mail delivery service entry in the Postfix mas- ter.cf file). The nexthop field usually specifies one recipient domain or hostname. In the case of the Postfix SMTP/LMTP client, the nexthop field may con- tain a list of nexthop destinations separated by comma or whitespace (Postfix 3.5 and later). The syntax of a nexthop destination is transport dependent. With SMTP, specify a service on a non-default port as host:service, and disable MX (mail exchanger) DNS lookups with [host] or [host]:port. The [] form is required when you specify an IP address instead of a hostname. A null transport and null nexthop field means "do not change": use the delivery transport and nexthop information that would be used when the entire transport table did not exist. A non-null transport field with a null nexthop field resets the nexthop information to the recipient domain. A null transport field with non-null nexthop field does not modify the transport information. Therefore, the correct syntax would be either: s123...@example.com smtp:[1.2.3.4]:5525 or s123...@example.com :[1.2.3.4]:5525 if you wanted to keep some initial transport (based on the address class) unmodified, while resetting just the nexthop. SMTP nexthop syntax is described in: http://www.postfix.org/smtp.8.html SMTP DESTINATION SYNTAX The Postfix SMTP+LMTP client supports multiple destinations separated by comma or whitespace (Postfix 3.5 and later). SMTP destinations have the following form: domainname domainname:port Look up the mail exchangers for the specified domain, and con- nect to the specified port (default: smtp). [hostname] [hostname]:port Look up the address(es) of the specified host, and connect to the specified port (default: smtp). [address] [address]:port Connect to the host at the specified address, and connect to the specified port (default: smtp). An IPv6 address must be format- ted as [ipv6:address]. -- Viktor.
Transport to non-standard external port
I am setting up to use a service from an external company that utilizes SMTP for messaging via a non-standard port. So to be clear - this is *not* for standard mail! Given a recipient address in the form "s123...@example.com", and I'm given the IP and port, do I just need to define an entry in my transport map? E.g.: s123...@example.com 1.2.3.4:5525 Do I need to define anything for relay_domains or anything else? Separate question - since my own server is *not* an open relay and only permits authorized users, how do I allow that external address to either be used as the sender (which I'd rather not) or re-write my authorized sender for the relay? -- Daniel
Re: smtpd_recipient_restrictions in mongodb?
Exactly. Here a typical row | 1382959 | nelly_cab...@gmail.com | REJECT Recipient address rejected for policy reasons | 2018-11-04 01:49:33 mysql> describe virtual_sender_access ; +---+-+--+-+-+-+ | Field | Type| Null | Key | Default | Extra | +---+-+--+-+-+-+ | id| int(11) | NO | PRI | NULL| auto_increment | | source| varchar(64) | NO | MUL | | | | access| varchar(64) | NO | | | | | created_on| timestamp | NO | | -00-00 00:00:00 | | | check_bounce | int(11) | NO | | NULL| | | last_modified | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP | +---+-+--+-+-+-+ All rows use this bounce "REJECT Recipient address rejected for policy reasons". El mar., 14 de jul. de 2020 a la(s) 10:01, Ralph Seichter ( ra...@ml.seichter.de) escribió: > * SysAdmin EM: > > > query = SELECT access FROM virtual_sender_access WHERE source='%s' > > You wrote that you only store nonexistent sources. In that case, the > value of the "access" column should always be something that indicates > "access denied", possibly a constant value across all entries? If so, > > SELECT 'restricted' as access FROM ... > > should provide a way of reducing the DB load in a very small way, as > only an index scan would be required. However, that only saves one read > operation per lookup and therefore may not help you much. > > I am still unconvinced that the type of data you are storing provides a > good way to achieve your goal. > > > Does postfix have support for mongo database? > > Following Wietse's rule of "if it is not documented it is not supported" > and the content of http://www.postfix.org/DATABASE_README.html , the > answer should be no. > > -Ralph >
Re: Cached postscreen blacklist bypass
On 14.07.20 09:29, Michael Orlitzky wrote: Out postmaster/abuse addresses fall through a trapdoor at the top of smtpd_recipient_restrictions, and every once in a while someone decides to abuse that kindness. Yesterday I added 84.54.12.0/24 to postscreen's blacklist to prevent them from ever reaching the trapdoor. This morning I was surprised to have an inbox full of junk. It appears that the blacklist entry is superseded by the cache? Jul 13 23:50:32 mx1 postfix/postscreen[29809]: BLACKLISTED [84.54.12.227]:37300 Jul 13 23:50:32 mx1 postfix/postscreen[29809]: PASS OLD [84.54.12.227]:37300 Jul 13 23:50:33 mx1 postfix/smtpd[3580]: connect from pupiledition.club[84.54.12.227] Is that intentional? Fixable? Work-aroundable? your postscreen_blacklist_action is apparently set to ignore (default). set it to enforce to reject the client. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux is like a teepee: no Windows, no Gates and an apache inside...
Cached postscreen blacklist bypass
Out postmaster/abuse addresses fall through a trapdoor at the top of smtpd_recipient_restrictions, and every once in a while someone decides to abuse that kindness. Yesterday I added 84.54.12.0/24 to postscreen's blacklist to prevent them from ever reaching the trapdoor. This morning I was surprised to have an inbox full of junk. It appears that the blacklist entry is superseded by the cache? > Jul 13 23:50:32 mx1 postfix/postscreen[29809]: BLACKLISTED > [84.54.12.227]:37300 > Jul 13 23:50:32 mx1 postfix/postscreen[29809]: PASS OLD [84.54.12.227]:37300 > Jul 13 23:50:33 mx1 postfix/smtpd[3580]: connect from > pupiledition.club[84.54.12.227] Is that intentional? Fixable? Work-aroundable?
Re: smtpd_recipient_restrictions in mongodb?
* SysAdmin EM: > query = SELECT access FROM virtual_sender_access WHERE source='%s' You wrote that you only store nonexistent sources. In that case, the value of the "access" column should always be something that indicates "access denied", possibly a constant value across all entries? If so, SELECT 'restricted' as access FROM ... should provide a way of reducing the DB load in a very small way, as only an index scan would be required. However, that only saves one read operation per lookup and therefore may not help you much. I am still unconvinced that the type of data you are storing provides a good way to achieve your goal. > Does postfix have support for mongo database? Following Wietse's rule of "if it is not documented it is not supported" and the content of http://www.postfix.org/DATABASE_README.html , the answer should be no. -Ralph
