Re: header_checks bypassing discard rules

2016-06-29 Thread Zalezny Niezalezny 
Hi,


@Wietse, than You for Your feedback.


Now its working with transport map.

domain.com  relay:[smtp1.domain.local]
domain.com  relay:[smtp.domain.local]
*   error: Only one is allowed


With "error:" parameter Postfix filtering is working like a charm. :)

When I used "discard:"  its not working. Postfix simply sending all E-mails
out, but it should drop only those not listed before "* discard:".



@Noel, Wietse - ThanXX


Greetings

Zalezny




On Wed, Jun 29, 2016 at 3:01 PM, Wietse Venema  wrote:

> Zalezny Niezalezny:
> > Hi Noel,
> >
> > I just tested Your solution, but its not working with multiple RCPT TO:
> >
> > When I`m sending an E-mail using telnet command, an email with single
> RCPT
> > TO: zalezny.niezale...@gmail.com is working fine. its blocked.
> > But when I will put second RCPT TO: u...@domain.com, then both E-mails
> are
> > send, even that restricted by transport table.
>
> Then you made a mistake. Noel's suggestion does not depend on the
> number of RCPT TO addresses (his suggestion to use transport_map
> for "good" destinations, and to use default_transport to resolve
> other destinations to the error transport).
>
> > @Wietse , maybe You will be able to help me here ?
>
> I would follow Noel's suggestion.
>
> Wietse
>

Re: header_checks bypassing discard rules

2016-06-29 Thread Wietse Venema 
Zalezny Niezalezny:
> Hi Noel,
> 
> I just tested Your solution, but its not working with multiple RCPT TO:
> 
> When I`m sending an E-mail using telnet command, an email with single RCPT
> TO: zalezny.niezale...@gmail.com is working fine. its blocked.
> But when I will put second RCPT TO: u...@domain.com, then both E-mails are
> send, even that restricted by transport table.

Then you made a mistake. Noel's suggestion does not depend on the
number of RCPT TO addresses (his suggestion to use transport_map
for "good" destinations, and to use default_transport to resolve
other destinations to the error transport).

> @Wietse , maybe You will be able to help me here ?

I would follow Noel's suggestion.

Wietse

Re: header_checks bypassing discard rules

2016-06-29 Thread Benny Pedersen 

On 2016-06-29 10:59, Zalezny Niezalezny wrote:


But when I will put second RCPT TO: u...@domain.com, then both E-mails
are send, even that restricted by transport table.


header_checks is not pr recipient so it does not work

if you like to make pr recipient use check_policy_service

but check_policy_service cant test anything in body, if you can live 
with that its ok


but if you need body testing use a milter

such as eq milter-regex

Re: header_checks bypassing discard rules

2016-06-29 Thread Zalezny Niezalezny 
Hi Noel,

I just tested Your solution, but its not working with multiple RCPT TO:

When I`m sending an E-mail using telnet command, an email with single RCPT
TO: zalezny.niezale...@gmail.com is working fine. its blocked.

But when I will put second RCPT TO: u...@domain.com, then both E-mails are
send, even that restricted by transport table.



@Wietse , maybe You will be able to help me here ?



With kind regards

Zalezny



On Mon, Jun 27, 2016 at 5:29 PM, Zalezny 
wrote:

> Wow, thanks for that perfect tip.
>
>
>
>
> On June 27, 2016 5:15:52 PM GMT+02:00, Noel Jones 
> wrote:
>>
>> On 6/27/2016 3:39 AM, Zalezny Niezalezny wrote:
>>
>>>  Hi,
>>>
>>>  using header_checks configuration we are dropping all outgoing
>>>  E-mails except some of them.
>>>
>>>
>>>  # discard all mails not going to cortalconsors.(de|fr)
>>>  if /^to:/
>>>  !/^to:?$/ DISCARD discarded
>>>  endif
>>>
>>>  Following rules dropping all outgoing e-mails with recipeint domains
>>>  different than
>>>
>>>  extern.domain.com 
>>>  domain.com 
>>>
>>>  When You sending an E-mail to:
>>>
>>>  To:>
>>>
>>>
>>> Postfix dropping that E-mail.
>>>
>>>
>>>
>>>  But when You will send an e-mail to two recipients
>>>
>>>  To:>>  >,>>  >
>>>
>>>  system will deliver both.
>>>
>>>
>>>
>>>
>>>  Why system not dropping E-mail addressed to
>>>  >
>>>  ? Its clear described in the rule, drop all except...
>>>
>>>
>>>  I will appreciate for any help.
>>>
>>>
>>>
>>>
>>>  With kind regards
>>>
>>>  zalezny
>>>
>>>
>>>
>>
>> The failure you're seeing when there are two addresses in the header
>> is because your expression only matches when there is a single
>> address.  But header_checks is the wrong tool for this job; the To:
>> header does not control where mail is delivered.
>>
>> A
>> more robust solution is to limit where postfix can deliver mail.
>>
>> # main.cf
>> default_transport = error:remote delivery disabled
>> transport_maps = hash:/etc/postfix/transport
>>
>> # /etc/postfix/transport
>> domain.com  smtp:
>> extern.domain.com  smtp:
>>
>>
>>
>> http://www.postfix.org/transport.5.html
>>
>>
>>
>>   -- Noel Jones
>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>

Re: header_checks bypassing discard rules

2016-06-27 Thread Zalezny 
Wow, thanks for that perfect tip.



On June 27, 2016 5:15:52 PM GMT+02:00, Noel Jones  
wrote:
>On 6/27/2016 3:39 AM, Zalezny Niezalezny wrote:
>> Hi, 
>> 
>> using header_checks configuration we are dropping all outgoing
>> E-mails except some of them. 
>> 
>> 
>> # discard all mails not going to cortalconsors.(de|fr)
>> if /^to:/
>> !/^to:?$/ DISCARD discarded 
>> endif
>> 
>> Following rules dropping all outgoing e-mails with recipeint domains
>> different than
>> 
>> extern.domain.com 
>> domain.com 
>> 
>> When You sending an E-mail to:
>> 
>> To:>
>> 
>> Postfix dropping that E-mail.
>> 
>> 
>> 
>> But when You will send an e-mail to two recipients
>> 
>> To:> >,> >
>> 
>> system will deliver both. 
>> 
>> 
>> 
>> 
>> Why system not dropping E-mail addressed to
>> >
>> ? Its clear described in the rule, drop all except... 
>> 
>> 
>> I will appreciate for any help.
>> 
>> 
>> 
>> 
>> With kind regards
>> 
>> zalezny
>> 
>> 
>
>
>The failure you're seeing when there are two addresses in the header
>is because your expression only matches when there is a single
>address.  But header_checks is the wrong tool for this job; the To:
>header does not control where mail is delivered.
>
>A more robust solution is to limit where postfix can deliver mail.
>
># main.cf
>default_transport = error:remote delivery disabled
>transport_maps = hash:/etc/postfix/transport
>
># /etc/postfix/transport
>domain.com  smtp:
>extern.domain.com  smtp:
>
>
>
>http://www.postfix.org/transport.5.html
>
>
>
>  -- Noel Jones

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: header_checks bypassing discard rules

2016-06-27 Thread Noel Jones 
On 6/27/2016 3:39 AM, Zalezny Niezalezny wrote:
> Hi, 
> 
> using header_checks configuration we are dropping all outgoing
> E-mails except some of them. 
> 
> 
> # discard all mails not going to cortalconsors.(de|fr)
> if /^to:/
> !/^to:?$/ DISCARD discarded 
> endif
> 
> Following rules dropping all outgoing e-mails with recipeint domains
> different than
> 
> extern.domain.com 
> domain.com 
> 
> When You sending an E-mail to:
> 
> To:>
> 
> Postfix dropping that E-mail.
> 
> 
> 
> But when You will send an e-mail to two recipients
> 
> To: >, >
> 
> system will deliver both. 
> 
> 
> 
> 
> Why system not dropping E-mail addressed to
> >
> ? Its clear described in the rule, drop all except... 
> 
> 
> I will appreciate for any help.
> 
> 
> 
> 
> With kind regards
> 
> zalezny
> 
> 


The failure you're seeing when there are two addresses in the header
is because your expression only matches when there is a single
address.  But header_checks is the wrong tool for this job; the To:
header does not control where mail is delivered.

A more robust solution is to limit where postfix can deliver mail.

# main.cf
default_transport = error:remote delivery disabled
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/transport
domain.com  smtp:
extern.domain.com  smtp:



http://www.postfix.org/transport.5.html



  -- Noel Jones

header_checks bypassing discard rules

2016-06-27 Thread Zalezny Niezalezny 
Hi,

using header_checks configuration we are dropping all outgoing E-mails
except some of them.


# discard all mails not going to cortalconsors.(de|fr)
if /^to:/
!/^to:?$/ DISCARD discarded
endif

Following rules dropping all outgoing e-mails with recipeint domains
different than

extern.domain.com
domain.com

When You sending an E-mail to:

To:

Postfix dropping that E-mail.



But when You will send an e-mail to two recipients

To:,

system will deliver both.




Why system not dropping E-mail addressed to 
? Its clear described in the rule, drop all except...


I will appreciate for any help.




With kind regards

zalezny