Hey list, 

cat smtpd.conf

# some general config like pki, ttl, message size etc stripped

table aliases file:/etc/aliases
table vusers file:/etc/smtpd/vusers
table vdoms file:/etc/smtpd/vdoms
table passwd file:/etc/dovecot/passwd-file
table blocked_senders file:/etc/smtpd/blocked_senders

listen on ens18 port 25 tls-require pki mx01.hoffbox.net

listen on ens18 port 587 tls-require pki mx01.hoffbox.net auth <passwd>

listen on ens18 port 465 smtps pki mx01.hoffbox.net auth <passwd>

action "local" lmtp "/var/run/dovecot/lmtp" virtual <vusers>
action "relay" relay host smtps://smtp...@mailout.mailout.hoffmann-systems.net 
helo mx01.klm.hoffbox.net auth <external_relays_auth>

match from mail-from <blocked_senders> reject

match from any for domain <vdoms> action "local"

match from local for any action "relay"

match from auth for any action "relay"

cat blocked_senders


root@mx01:~# dpkg -l opensmtpd
ii  opensmtpd      6.8.0p2-3    amd64        secure, reliable, lean, and 
easy-to configure SMTP server

I was under the impression that with this config, all mail coming from 
addresses in the
blocked_senders table would immediately be rejected. 

However, if i use telnet/openssl s_client to connect to the server, I get an OK 
response to MAIL FROM:<t...@simonhoffmann.net> and can state RCPT TO and DATA 
any problems. 
I then used a remote server and sendmail to send an email from 
to si...@simonhoffmann.net and this email was delivered into my mailbox. I was 
authenticated (on purpose), but rather used the normal unauthenticated mail flow
(hence not sending from mutt oder thunderbird but just piping a mail into 
sendmail on
a server on the internet). (Based in the man pages being authenticated should 
matter anyways because the reject match is the first in the file and the first 
is always used.)

What am I doing wrong? Did I interpret the matching options wrong?




Attachment: signature.asc
Description: PGP signature

Reply via email to