Re: Postfix + Dovecot SASL authentication.

Wed, 04 Mar 2009 03:36:23 -0800 

Victor Duchovni escribió:

On Wed, Mar 04, 2009 at 12:29:29AM -0200, Miguel Da Silva - Centro de 
Matem?tica wrote:


Mar  2 18:42:02 smtp postfix/smtpd[15652]: NOQUEUE: reject: RCPT from
r190-134-zz-xx.dialup.adsl.anteldata.net.uy[190.134.zz.
xx]: 450 4.7.1 <dest...@cmat.edu.uy>: Recipient address rejected:
Greylisting in action, please come back later.; from=<usuar...@c
mat.edu.uy> to=<dest...@cmat.edu.uy> proto=ESMTP helo=<UserPC>

smtpd_recipient_restrictions =
        reject_rbl_client sbl.spamhaus.org
        reject_rbl_client bl.spamcop.net
        check_recipient_access hash:/etc/postfix/bloqueados
        permit_sasl_authenticated
        permit_mynetworks
        reject_unauth_destination
        reject_unknown_recipient_domain
        reject_unverified_recipient
        check_policy_service inet:127.0.0.1:10026
Sugestions?! My idea is, if you are not part to $mynetworks, then authenticating is the only way to get mail relaid trough this server. 

The user was not "relaying" mail was sent to a domain you are responsible
for, so this was not blocked by "reject_unauth_destination". Nor should it
have been. On a port 25 MX host you can't distinguish roaming users submitting
mail to your domains from outside MTAs delivering mail to your domains.
Well... I don't think so, maybe I am not understandig reject_unauth_destinations correctly. 

Postfix' manual says:

reject_unauth_destination
    Reject the request unless one of the following is true:
* Postfix is mail forwarder: the resolved RCPT TO domain matches $relay_domains or a subdomain thereof, and contains no sender-specified routing (u...@elsewhere@domain), * Postfix is the final destination: the resolved RCPT TO domain matches $mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains, and contains no sender-specified routing (u...@elsewhere@domain).
The first point do not botter me because $relay_domains is empty on this server. But, reading the second one I would say every local user sending mail to another local user will get it done through the server.
We both agree reject_unauth_destination did not block mail, but I think that's happening because usuar...@cmat.edu.uy is sending mail to dest...@cmat.edu.uy. 

Greetings.
--
Miguel Da Silva
Administrador Junior de Sistemas Unix
Centro de Matemática - http://www.cmat.edu.uy
Facultad de Ciencias - http://www.fcien.edu.uy
Universidad de la República - http://www.rau.edu.uy

Reply via email to