Discussion:
restricting using smtpd_recipient_restrictions not working
(too old to reply)
David Koski
2006-02-26 07:57:50 UTC
Permalink
I have the following main.cf:

smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/recipients_only,reject

recipients_only:
exampl.com OK

No restrictions apply and I can send to any domain I've tried. I even
did this:

smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject

What am I missing?

Regards,
David Koski
***@kosmosisland.com
mouss
2006-02-26 09:15:55 UTC
Permalink
Post by David Koski
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
check_recipient_access hash:/etc/postfix/recipients_only,reject
exampl.com OK
No restrictions apply and I can send to any domain I've tried. I even
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
reject
What am I missing?
always:

1- send output from postconf -n, not main.cf. so do
# postconf smtpd_recipient_restrictions

2- post logs that show the problem.

guesses:
i) postfix reload forgotten
ii) master.cf has -o options that override main.cf
iii) you have multiple postfix installations, and you're not configuring
the one that runs
David Koski
2006-02-26 09:31:32 UTC
Permalink
<snip>
Post by mouss
1- send output from postconf -n, not main.cf. so do
# postconf smtpd_recipient_restrictions
# postconf -n smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject
Post by mouss
2- post logs that show the problem.
# echo test | mail -s test ***@kosmosisland.com

# tail -5 /var/log/mail/info
Feb 26 01:23:00 www postfix/pickup[17319]: 2F1D81A414A: uid=0 from=<root>
Feb 26 01:23:00 www postfix/cleanup[17325]: 2F1D81A414A: message-id=<***@www.example.com>
Feb 26 01:23:00 www postfix/qmgr[17320]: 2F1D81A414A: from=<***@www.example.com>, size=320, nrcpt=1 (queue active)
Feb 26 01:23:00 www postfix/smtp[17334]: 2F1D81A414A: to=<***@kosmosisland.com>, relay=antispam.kosmosisland.com[65.183.195.218], delay=0, status=sent (250 Ok: queued as 43CAA802B)
Feb 26 01:23:00 www postfix/qmgr[17320]: 2F1D81A414A: removed
Post by mouss
i) postfix reload forgotten
Actually, I restart by default just in case.
Post by mouss
ii) master.cf has -o options that override main.cf
Good call. I checked but nothing.
Post by mouss
iii) you have multiple postfix installations, and you're not configuring
the one that runs
# ps awux | grep postfix
root 17316 0.0 0.0 4648 1656 ? Ss 01:21 0:00 /usr/lib/postfix/master
postfix 17319 0.0 0.0 4764 1772 ? S 01:21 0:00 pickup -l -t fifo -u
postfix 17320 0.0 0.0 4796 1836 ? S 01:21 0:00 qmgr -l -t fifo -u
postfix 17326 0.0 0.0 4768 1748 ? S 01:21 0:00 trivial-rewrite -n rewrite -t unix -u

I'm stumped.

What I am really trying to do is find out how someone is using the
web site to send spam but for now, just to block it off. I have used
iptables for now.

David
Magnus Bäck
2006-02-26 10:34:04 UTC
Permalink
On Sunday, February 26, 2006 at 10:31 CET,
Post by David Koski
Post by mouss
1- send output from postconf -n, not main.cf. so do
# postconf smtpd_recipient_restrictions
# postconf -n smtpd_recipient_restrictions
smtpd_recipient_restrictions = reject
Post by mouss
2- post logs that show the problem.
# tail -5 /var/log/mail/info
Feb 26 01:23:00 www postfix/pickup[17319]: 2F1D81A414A: uid=0 from=<root>
Feb 26 01:23:00 www postfix/qmgr[17320]: 2F1D81A414A: removed
smtpd_xxx_restrictions apply to messages submitted via SMTP,
not messages submitted via sendmail(1).

[...]
Post by David Koski
What I am really trying to do is find out how someone is using the
web site to send spam but for now, just to block it off. I have used
iptables for now.
If someone is abusing PHP scripts or similar, it will all be in the
logs. However, if you want to apply restrictions you must make sure
the submission is made via SMTP.
--
Magnus Bäck
***@dsek.lth.se
mouss
2006-02-26 18:44:57 UTC
Permalink
that will go through pickup, not smtpd. so no smtpd_mumble_restrictiosn
here.

depending on your need, you can restrict the list of unix uids who can
use these command (athorized_submit_users).
David Koski
2006-02-26 19:20:31 UTC
Permalink
Post by mouss
that will go through pickup, not smtpd. so no smtpd_mumble_restrictiosn
here.
depending on your need, you can restrict the list of unix uids who can
use these command (athorized_submit_users).
That makes sense.

Thanks!
David

Loading...