Re: header_checks problem
On Mon, Jan 04, 2010 at 09:00:25PM +0100, Ralf Hildebrandt wrote: * Christopher Adams adam...@gmail.com: Summary: I would like to ban an address/domain from posting to my system. I am using header_checks to do that. Why? Wouldn't check_sender_access be more appropriate? In this case, no, because the mail was submitted via sendmail(1) by UID 552. Perhaps authorized_submit_users is the best solution to the real-world problem here. Note that the OP did not describe that, so we're limited to guessing. /^From: testm...@library.state.or.us / REJECT A couple more comments to augment what Ralf said: first, . is a PCRE/regexp metacharacter, as @ is in PCRE. Those should be escaped. Second, I am not sure what happens with REJECT for sendmail submission; it seems to be mostly applicable in smtpd(8) context. -- Offlist mail to this address is discarded unless /dev/rob0 or not-spam is in Subject: header
Re: header_checks problem
/dev/rob0: On Mon, Jan 04, 2010 at 09:00:25PM +0100, Ralf Hildebrandt wrote: * Christopher Adams adam...@gmail.com: Summary: I would like to ban an address/domain from posting to my system. I am using header_checks to do that. Why? Wouldn't check_sender_access be more appropriate? In this case, no, because the mail was submitted via sendmail(1) by UID 552. Perhaps authorized_submit_users is the best solution to the real-world problem here. Note that the OP did not describe that, so we're limited to guessing. /^From: testm...@library.state.or.us / REJECT A couple more comments to augment what Ralf said: first, . is a PCRE/regexp metacharacter, as @ is in PCRE. Those should be escaped. Second, I am not sure what happens with REJECT for sendmail submission; it seems to be mostly applicable in smtpd(8) context. The Postfix cleanup daemon creates a bounce message, by using the same built-in mechanism that Postfix delivery agents use. This adds some complexity to the Postfix cleanup daemon. For example Postfix can't simply bounce the unfiltered message to the purported sender, as that would create an opportunity to send unfiltered email. Wietse
header_checks problem
Hello, I previously posted this thread, but changed midstream and was given guidance as to the proper way to post. So, I am starting again. Summary: I would like to ban an address/domain from posting to my system. I am using header_checks to do that. After creating a header_checks file and modifying main.cf to indicate the use of a header_checks file, a message sent to the server is passed through. I am posting from testm...@library.state.or.us to testm...@swiki.osl.state.or.us. Here is the line from the header_checks file: /^From: testm...@library.state.or.us / REJECT Log from maillog on swiki.osl.state.or.us: Jan 4 11:36:13 swiki postfix/qmgr[19204]: EB79ADB4B6E: from= testm...@library.state.or.us, size=791, nrcpt=1 (queue active) Jan 4 11:36:13 swiki postfix/local[19921]: EB79ADB4B6E: to= testm...@swiki.osl.state.or.us, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox) Header of mail received at testm...@library.state.or.us: Return-Path: testm...@library.state.or.us X-Original-To: testm...@swiki.osl.state.or.us Delivered-To: testm...@swiki.osl.state.or.us Received: from library.state.or.us (www.osl.state.or.us [159.121.122.8]) by listsmart.osl.state.or.us (Postfix) with ESMTP id EB79ADB4B6E for testm...@swiki.osl.state.or.us; Mon, 4 Jan 2010 11:36:13 -0800 (PST) Received: by library.state.or.us (Postfix, from userid 552) id 6993B233FC; Mon, 4 Jan 2010 11:39:52 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by library.state.or.us (Postfix) with ESMTP id 68F7F32E64 for testm...@swiki.osl.state.or.us; Mon, 4 Jan 2010 11:39:52 -0800 (PST) Date: Mon, 4 Jan 2010 11:39:52 -0800 (PST) From: testm...@library.state.or.us To: testm...@swiki.osl.state.or.us Subject: testing Message-ID: pine.lnx.4.53.1001041139420.17...@library.state.or.us MIME-Version: 1.0 Output of postconf -n : alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases, hash:/usr/local/mailman/data/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_privs = nobody default_verp_delimiters = += html_directory = no mail_owner = postfix mail_spool_directory = /var/spool/mail mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 2097152 mydestination = $myhostname, localhost.$mydomain, localhost.localdomain, listsmart.$mydomain, swiki.$mydomain myhostname = listsmart.osl.state.or.us mynetworks = 159.121.122.0/24, 127.0.0.0/8 mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES recipient_delimiter = + sample_directory = /usr/share/doc/postfix-2.0.16/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_blacklist transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 450 Can someone help with this? Thank you.
Re: header_checks problem
* Christopher Adams adam...@gmail.com: Hello, I previously posted this thread, but changed midstream and was given guidance as to the proper way to post. So, I am starting again. Summary: I would like to ban an address/domain from posting to my system. I am using header_checks to do that. Why? Wouldn't check_sender_access be more appropriate? /^From: testm...@library.state.or.us / REJECT Log from maillog on swiki.osl.state.or.us: Jan 4 11:36:13 swiki postfix/qmgr[19204]: EB79ADB4B6E: from= testm...@library.state.or.us, size=791, nrcpt=1 (queue active) That's the envelope, not the header From: testm...@library.state.or.us There's no behind testm...@library.state.or.us Output of postconf -n : it lists no header_checks Can someone help with this? Thank you. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: header_checks problem
After previously posting a thread about header_checks, someone suggested using check_sender_access, I tried it and posted a follow up and was admonished for changing direction. I specifically asked how to proceed and was told to go back to my original thread, which was header_checks. Message header: I used the Full Header command in Pine About the postconf -n, I had that line commented out from a previous test. Here it is now: alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases, hash:/usr/local/mailman/data/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 default_privs = nobody default_verp_delimiters = += header_checks = regexp:/etc/postfix/header_checks html_directory = no mail_owner = postfix mail_spool_directory = /var/spool/mail mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 2097152 mydestination = $myhostname, localhost.$mydomain, localhost.localdomain, listsmart.$mydomain, swiki.$mydomain myhostname = listsmart.osl.state.or.us mynetworks = 159.121.122.0/24, 127.0.0.0/8 mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES recipient_delimiter = + sample_directory = /usr/share/doc/postfix-2.0.16/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_blacklist transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 450 I don't understand what you mean by this: From: testm...@library.state.or.us There's no behind testm...@library.state.or.us On Mon, Jan 4, 2010 at 12:00 PM, Ralf Hildebrandt ralf.hildebra...@charite.de wrote: * Christopher Adams adam...@gmail.com: Hello, I previously posted this thread, but changed midstream and was given guidance as to the proper way to post. So, I am starting again. Summary: I would like to ban an address/domain from posting to my system. I am using header_checks to do that. Why? Wouldn't check_sender_access be more appropriate? /^From: testm...@library.state.or.us / REJECT Log from maillog on swiki.osl.state.or.us: Jan 4 11:36:13 swiki postfix/qmgr[19204]: EB79ADB4B6E: from= testm...@library.state.or.us, size=791, nrcpt=1 (queue active) That's the envelope, not the header From: testm...@library.state.or.us There's no behind testm...@library.state.or.us Output of postconf -n : it lists no header_checks Can someone help with this? Thank you. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de -- Christopher Adams adam...@gmail.com
Re: header_checks problem
* Christopher Adams adam...@gmail.com: After previously posting a thread about header_checks, someone suggested using check_sender_access, I tried it and posted a follow up and was admonished for changing direction. I specifically asked how to proceed and was told to go back to my original thread, which was header_checks. OK, but you forgot to actually ADD header_Checks to your main.cf :) header_checks = regexp:/etc/postfix/header_checks ah! I don't understand what you mean by this: From: testm...@library.state.or.us There's no behind testm...@library.state.or.us I mean what I wrote. Look at your header_checks pattern. It has a at the end. The header it's supposed to match does not. As a consequence, it doesn't match. /^From: testm...@library.state.or.us / REJECT ^space Look at the space after testm...@library.state.or.us Remove it. A nice twist for analysis is this: /^From:/ WARN /^From: testm...@library.state.or.us/ REJECT That way you can see how postfix percieves the headers. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
postfix and header_checks problem.
Hi all! I expierence problem with building regexp rules in header_checks. All I need is to reject email coming from addre...@domain1.com to addre...@domain2.com. How can I issue such excact rule? Thank you. flux.
Re: postfix and header_checks problem.
2009/8/12 f...@hotbox.ru: Hi all! I expierence problem with building regexp rules in header_checks. All I need is to reject email coming from addre...@domain1.com to addre...@domain2.com. How can I issue such excact rule? It's not possible with header_checks. header_checks works on each header independently, so you cannot combine the results of multiple headers. You may be able to use some of the techniques mentioned here: http://www.postfix.org/RESTRICTION_CLASS_README.html An alternative is to use a policy service: http://www.postfix.org/SMTPD_POLICY_README.html