Re: [Web-cyradm] Changed servername problems

Mon, 25 Jul 2005 11:09:15 -0700 

Marcel Hartmann wrote:

Hi all,
[EMAIL PROTECTED] wrote: 


Hello,


554 <[EMAIL PROTECTED]>: Relay access denied;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>

You have in your main.cf:
smtpd_recipient_restrictions = reject_unauth_destination,[..]

 From postfix documentation:
  reject_unauth_destination
     Reject the request unless one of the following is true:
         * the resolved destination address matches $relay_domains or a
subdomain thereof, and the address contains no sender-specified routing
([EMAIL PROTECTED]@domain),
         * Postfix is the final destination: any destination that matches
$mydestination, $inet_interfaces, $virtual_alias_domains, or
$virtual_mailbox_domains.
     The relay_domains_reject_code parameter specifies the response code for
rejected requests (default: 554).

First condition isn't true because you have no relay_domains in main.cf
Second condition isn't true because you your postfix isn't MX for
hotmail.com domain i gues.

Please read this http://www.postfix.org/uce.html

rgds,
Lukasz

Should be the permit_sasl_autenticated at the top of the list?
Then if he is authenticated whithin pam_mysql he can relay mails.



Good point :-)

Here is example from one of my servers:

smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_sender_login_mismatch,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_access regexp:/etc/mail/recipient_checks,
        check_policy_service unix:private/policy,
        check_sender_access hash:/etc/mail/sender_ok,
        check_helo_access hash:/etc/mail/helo_checks,
        check_client_access regexp:/etc/mail/client_ip_checks_regexp,
        check_client_access hash:/etc/mail/client_ip_checks,
        check_client_access hash:/etc/mail/client_ip_unknown,
        check_client_access hash:/etc/mail/client_checks,
        check_sender_access hash:/etc/mail/sender_checks,
        permit


And also any-spoof (one user can't write email with source email adrress 
of other user):

smtpd_sender_login_maps = mysql:/etc/mail/mysql-owner.cf

in mysql-owner.cf:
select_field = username
where_field = alias
additional_conditions = and status > '0'

rgds,
Lukasz
_______________________________________________
This mailing list is hosted and supported
by bit-heads GmbH | http://www.bit-heads.ch

_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm























					Reply via email to