Hi,

> Stop top posting.  Google for the term if you don't understand.

Sorry, that was only to follow up with my own post, so people had a reference.

> It looks as if you're trying to whitelist the client by IP, so you need
> check_client_access to check an IP.

Yes, and I've tried that too. I have done quite a bit of reading, and
am afraid I'm getting conflicting info now. I've read posts from Ralf in
the past, as well as the man pages and other docs at postfix.org, but
it's still not working. Can you point me to the right documentation
that outlines why it would be check_client_access to check an IP?

For the time being, I've added the IP to mynetworks, but that's
obviously less than the most desirable approach. Even with the
following it doesn't work:

smtpd_recipient_restrictions =
        permit_mynetworks
        [...]
        check_helo_access hash:/etc/postfix/helo_checks,
        check_client_access hash:/etc/postfix/client_checks

In client_checks and helo_checks I have the IP listed:

192.168.1.99   OK

and have postmap'd the file.

I've tried a separate smtpd_helo_restrictions with similar results:

smtpd_helo_restrictions =
        permit_mynetworks
        check_helo_access hash:/etc/postfix/helo_checks
        permit

> As a general rule, access tables should be *below* reject_unauth_destination
> to prevent accidental open relay.
>
> You have a lot of reading to do.  Start here:
> http://www.postfix.org/documentation.html

Yes, I know. This is part of a larger project. I'd appreciate your
direction here. Here are some of the directions I have followed that
have led me to where I am:

# Postfix-users from 2004 smtpd_client_restrictions?
http://marc.info/?t=110137716000002&r=1&w=2

smtpd_client_restrictions =
        permit_mynetworks
        check_helo_access hash:/etc/postfix/helo_checks

I've since removed it, basically starting from scratch, because I'm
afraid it has created more problems than it solves.

My full smtpd_recipient_restrictions is below:

smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        reject_unauth_pipelining
        permit_mynetworks
        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_unauth_destination
        check_helo_access hash:/etc/postfix/helo_checks
        check_recipient_access pcre:/etc/postfix/recipient_checks
        check_sender_access hash:/etc/postfix/sender_checks
        check_client_access hash:/etc/postfix/client_checks

Thanks so much.
Best regards,
Alex
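
Postfix walks each restriction list in order and the first OK or REJECT ends it, so the position of check_client_access relative to the reject_* rules and to reject_unauth_destination decides what a whitelisted client gets. The following is an added illustration, not part of the original message and not Postfix code: a simplified Python model with a reduced rule set, constructed sessions, an assumed local domain example.com and an assumed non-FQDN HELO name "scanner".

```python
import ipaddress

# Constructed sample data; only the whitelisted IP comes from the message.
CLIENT_CHECKS = {"192.168.1.99": "OK"}              # stands in for client_checks
LOCAL_DOMAINS = {"example.com"}                     # assumed local domain
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]  # assumed mynetworks

def in_mynetworks(s):
    addr = ipaddress.ip_address(s["client"])
    return "OK" if any(addr in net for net in MYNETWORKS) else "DUNNO"
def non_fqdn_helo(s):
    # Simplified: treat a HELO name without a dot as not fully qualified.
    return "REJECT" if "." not in s["helo"] else "DUNNO"
def unauth_destination(s):
    domain = s["rcpt"].rsplit("@", 1)[1]
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"
def client_access(s):
    return CLIENT_CHECKS.get(s["client"], "DUNNO")

CHECKS = {
    "permit_mynetworks": in_mynetworks,
    "reject_non_fqdn_hostname": non_fqdn_helo,
    "reject_unauth_destination": unauth_destination,
    "check_client_access": client_access,
}

def evaluate(restrictions, session):
    """Return (verdict, deciding rule); the first OK or REJECT ends the list."""
    for name in restrictions:
        verdict = CHECKS[name](session)
        if verdict != "DUNNO":
            return verdict, name
    return "OK", "(end of list)"

# Same relative order as the full list in the message, reduced to four rules.
AS_POSTED = ["permit_mynetworks", "reject_non_fqdn_hostname",
             "reject_unauth_destination", "check_client_access"]
# Whitelist directly below reject_unauth_destination, as the quoted reply advises.
BELOW_RELAY_CHECK = ["permit_mynetworks", "reject_unauth_destination",
                     "check_client_access", "reject_non_fqdn_hostname"]
# Whitelist above the relay check: the listed client may relay to any domain.
ABOVE_RELAY_CHECK = ["check_client_access", "reject_unauth_destination"]

LOCAL_MAIL = {"client": "192.168.1.99", "helo": "scanner", "rcpt": "user@example.com"}
RELAY_MAIL = {"client": "192.168.1.99", "helo": "scanner", "rcpt": "user@elsewhere.test"}
if __name__ == "__main__":
    for rules in (AS_POSTED, BELOW_RELAY_CHECK, ABOVE_RELAY_CHECK):
        print(evaluate(rules, LOCAL_MAIL), evaluate(rules, RELAY_MAIL))
```

In the model, the posted order rejects the listed client on its HELO name before the table is consulted, the order below the relay check accepts its local mail while still refusing relay, and the order above the relay check lets it relay.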
