Re: limit access to postfix

2012-05-14 Thread Viktor Dukhovni
On Mon, May 14, 2012 at 01:20:02PM +0200, Amira Othman wrote:

> I have auth. And this is restrictions I have:
>
> smtpd_recipient_restrictions =
>   permit_mynetworks
>   permit_sasl_authenticated
>   reject_unauth_destination
>   reject_unknown_recipient_domain
> 
> It rejects user that's not authenticated but for authenticated users
> it can send for all 3 ips

If you are willing to restrict each SASL user to a fixed sender
address, you can use "smtpd_sender_login_maps" and
"reject_authenticated_sender_login_mismatch" together with
"check_sender_access" to restrict submission access to just the
allowed senders.

Otherwise, you need to tweak SASL settings to restrict which users
can authenticate, which is mechanism dependent, and tricky. So with
luck the sender<->login restrictions above are a viable option.

-- 
Viktor.
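
One way to combine the three settings named in the reply above for a single instance, as an added example that is not part of the original thread. The instance directory /etc/postfix-1, the table file names, the choice to place the checks in smtpd_recipient_restrictions, and all addresses and logins are constructed placeholders.

```conf
# --- /etc/postfix-1/main.cf (instance serving domain1.example; path is a placeholder) ---

# Before, as posted in the thread: every SASL-authenticated login is permitted,
# whatever envelope sender it presents.
#smtpd_recipient_restrictions =
#  permit_mynetworks
#  permit_sasl_authenticated
#  reject_unauth_destination
#  reject_unknown_recipient_domain

# After: bind each envelope sender address to the SASL login that owns it.
smtpd_sender_login_maps = hash:/etc/postfix-1/sender_login

# Reject authenticated clients whose MAIL FROM is not owned by their login,
# then grant the SASL permit only for senders listed for this instance.
smtpd_recipient_restrictions =
  permit_mynetworks
  reject_authenticated_sender_login_mismatch
  check_sender_access hash:/etc/postfix-1/submit_senders
  reject_unauth_destination
  reject_unknown_recipient_domain

# --- /etc/postfix-1/sender_login (constructed entries: sender address -> SASL login) ---
user1@domain1.example    user1
sales@domain1.example    user1

# --- /etc/postfix-1/submit_senders (constructed; only this instance's sender domain) ---
# The right-hand side is a restriction name, so the permit still requires SASL auth.
domain1.example          permit_sasl_authenticated

# After editing, rebuild both tables with postmap and reload this instance.
```

With these tables, an authenticated login that presents a sender address from another instance's domain owns no entry in sender_login and is rejected at the mismatch check; each of the other instances gets its own pair of tables listing only its own senders.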


Re: limit access to postfix

2012-05-14 Thread Reindl Harald


On 14.05.2012 14:02, Amira Othman wrote:
> 
> 
> On 14.05.2012 13:20, Amira Othman wrote:
>>> you have to change "mynetworks"
>>> why do you need the complete range?
>>> list single IPs there!
>>>
>>> I changed it to each one ip but still can send through ip that 
>>> account isn't member of its domain
>>>
>>> without authentication?
>>> have you configured SASL auth?
>>> if no take down the server and go back to docs!
>>
>> I have auth. And this is restrictions I have:
>> smtpd_recipient_restrictions = permit_mynetworks 
>> permit_sasl_authenticated reject_unauth_destination 
>> reject_unknown_recipient_domain
>>
>> It rejects user that's not authenticated but for authenticated users 
>> it can send for all 3 ips
>> 
>> i do REALLY not understand your problem
>> "it can send for all 3 ips" can mean anything if you mean "IP1 can send over
>> IP2 with Auth" -> expected behavior!
>> 
>> please give configuration infos as stated in the welcome message and describe
>> your real problem by showing us relevant parts of your maillog
>> 
>> http://www.postfix.org/DEBUG_README.html
> 
> what I meant is that if I have us...@domain1.com for ip1 and
> us...@domain2.com for ip2
> when I telnet ip1 port 25 and type mail from: us...@domain2.com and rcpt to:
> whatever I got in log of instance 1 (ip1) user2@domain2 sent mail which
> supposed to use instance 2 with its ip
> the same happen when connecting through outlook if I used in mail server
> configuration the second instance data and user of first instance he can
> also send mails.
> 
> How can I stop this?

first: please fix your mail-client so it also quotes the last reply

as said: provide LOGS and configuration
we are not here to guess what happens on your machine





RE: limit access to postfix

2012-05-14 Thread Amira Othman


On 14.05.2012 13:20, Amira Othman wrote:
>> you have to change "mynetworks"
>> why do you need the complete range?
>> list single IPs there!
>>
>> I changed it to each one ip but still can send through ip that 
>> account isn't member of its domain
>> 
>> without authentication?
>> have you configured SASL auth?
>> if no take down the server and go back to docs!
> 
> I have auth. And this is restrictions I have:
> smtpd_recipient_restrictions = permit_mynetworks 
> permit_sasl_authenticated reject_unauth_destination 
> reject_unknown_recipient_domain
> 
> It rejects user that's not authenticated but for authenticated users 
> it can send for all 3 ips

i do REALLY not understand your problem
"it can send for all 3 ips" can mean anything if you mean "IP1 can send over
IP2 with Auth" -> expected behavior!

please give configuration infos as stated in the welcome message and describe
your real problem by showing us relevant parts of your maillog

http://www.postfix.org/DEBUG_README.html

what I meant is that if I have us...@domain1.com for ip1 and
us...@domain2.com for ip2
when I telnet ip1 port 25 and type mail from: us...@domain2.com and rcpt to:
whatever I got in log of instance 1 (ip1) user2@domain2 sent mail which
supposed to use instance 2 with its ip
the same happen when connecting through outlook if I used in mail server
configuration the second instance data and user of first instance he can
also send mails.

How can I stop this?


Re: limit access to postfix

2012-05-14 Thread Reindl Harald


On 14.05.2012 13:20, Amira Othman wrote:
>> you have to change "mynetworks"
>> why do you need the complete range?
>> list single IPs there!
>>
>> I changed it to each one ip but still can send through ip that account 
>> isn't member of its domain
>> 
>> without authentication?
>> have you configured SASL auth?
>> if no take down the server and go back to docs!
> 
> I have auth. And this is restrictions I have:
> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
> reject_unauth_destination reject_unknown_recipient_domain
> 
> It rejects user that's not authenticated but for authenticated users it can
> send for all 3 ips

i do REALLY not understand your problem
"it can send for all 3 ips" can mean anything
if you mean "IP1 can send over IP2 with Auth" -> expected behavior!

please give configuration infos as stated in the welcome message
and describe your real problem by showing us relevant parts of
your maillog

http://www.postfix.org/DEBUG_README.html



RE: limit access to postfix

2012-05-14 Thread Amira Othman
> On 14.05.2012 12:54, Amira Othman wrote:
>> Hi all
>>
>> I am using postfix 2.8.4 configured with 3 instances each one has its 
>> own ip. I need to prevent using each instance by users of other 
>> instances but I don't know what to change.
>> Mynetworks configuration is ip range which contains the 3 ips. How to
>> limit each instance to its ip
> 
> you have to change "mynetworks"
> why do you need the complete range?
> list single IPs there!
> 
> I changed it to each one ip but still can send through ip that account 
> isn't member of its domain

without authentication?
have you configured SASL auth?
if no take down the server and go back to docs!

I have auth. And this is restrictions I have:
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_unknown_recipient_domain

It rejects user that's not authenticated but for authenticated users it can
send for all 3 ips



Re: limit access to postfix

2012-05-14 Thread Reindl Harald


On 14.05.2012 13:11, Amira Othman wrote:
> 
> 
> On 14.05.2012 12:54, Amira Othman wrote:
>> Hi all
>>
>> I am using postfix 2.8.4 configured with 3 instances each one has its 
>> own ip. I need to prevent using each instance by users of other 
>> instances but I don't know what to change.
>> Mynetworks configuration is ip range which contains the 3 ips. How to
>> limit each instance to its ip
> 
> you have to change "mynetworks"
> why do you need the complete range?
> list single IPs there!
> 
> I changed it to each one ip but still can send through ip that account isn't
> member of its domain

without authentication?
have you configured SASL auth?
if no take down the server and go back to docs!





RE: limit access to postfix

2012-05-14 Thread Amira Othman


On 14.05.2012 12:54, Amira Othman wrote:
> Hi all
> 
> I am using postfix 2.8.4 configured with 3 instances each one has its 
> own ip. I need to prevent using each instance by users of other 
> instances but I don't know what to change.
> Mynetworks configuration is ip range which contains the 3 ips. How to
> limit each instance to its ip

you have to change "mynetworks"
why do you need the complete range?
list single IPs there!

I changed it to each one ip but still can send through ip that account isn't
member of its domain



Re: limit access to postfix

2012-05-14 Thread Reindl Harald


On 14.05.2012 12:54, Amira Othman wrote:
> Hi all
> 
> I am using postfix 2.8.4 configured with 3 instances each one has its own
> ip. I need to prevent using each instance by users of other instances but I
> don't know what to change.
> Mynetworks configuration is ip range which contains the 3 ips. How to limit
> each instance to its ip

you have to change "mynetworks"
why do you need the complete range?
list single IPs there!






limit access to postfix

2012-05-14 Thread Amira Othman
Hi all

I am using postfix 2.8.4 configured with 3 instances each one has its own
ip. I need to prevent using each instance by users of other instances but I
don't know what to change.
Mynetworks configuration is ip range which contains the 3 ips. How to limit
each instance to its ip.

Regards