sieve redirect to foreign email gets “Relay access denied”
I have a postfix mail server with sql authentication and I want to implement sieve on it.
Sieve is working relatively well; rules that contain 'fileinto' are executed perfectly. The problem is the redirect to other servers. I configured a rule in Sieve to redirect any email containing "redirect" in the subject to a specified foreign destination. So in practice an email coming from sender@live.de for the local user testuser@server.net should be redirected to destination@gmail.com when the subject contains "redirect"
# Forward every message whose Subject header contains "redirect" to an
# external mailbox, then end script processing for that message.
# The forwarded copy is handed to the MTA for relaying; in the log entry
# quoted below it still carries the original envelope sender.
if header :contains "subject" "redirect" {
    redirect "destination@gmail.com";
    stop;
}
when I test it I get the following log entry
/postfix/smtpd[32114]: NOQUEUE: reject: RCPT from
mail.server.net[xx.xx.xx.xx]: 554 5.7.1 <destination@gmail.com>:
Relay access denied; from=<sender@live.de>
to=<destination@gmail.com> proto=ESMTP helo=<mail.server.net>/
How can I tell postfix to let dovecot/sieve relay the email?
can somebody give a hint?
postconf -n
# Output of `postconf -n` (non-default main.cf settings) as posted.
# Lines starting with "# NOTE(review)" are review annotations, not part of the output.
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
default_process_limit = 15
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
home_mailbox = mail/
inet_interfaces = all
mailbox_size_limit = 0
mydestination = mail.server.net, localhost
myhostname = mail.server.net
# NOTE(review): only loopback addresses are trusted here, while the rejected
# client in the log is shown with a masked, presumably non-loopback address.
# Every address listed here is trusted by permit_mynetworks, so any addition
# should be a single host rather than a whole range.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_restrictions = reject_unknown_helo_hostname
# NOTE(review): this list contains no permit_mynetworks. A client that is not
# SASL-authenticated, even one inside mynetworks, therefore reaches
# reject_unauth_destination and is refused for any recipient outside the
# domains this server handles, which matches the "Relay access denied" entry.
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unknown_sender_domain,
reject_unknown_reverse_client_hostname,
reject_unknown_recipient_domain, reject_unverified_recipient,
reject_unauth_destination, reject_rbl_client zen.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender
dbl.spamhaus.org, check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
# NOTE(review): writes the SASL login name into the Received: header of
# submitted mail, which exposes account names to every recipient.
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
# NOTE(review): permit_sasl_authenticated comes first, so
# reject_authenticated_sender_login_mismatch is never evaluated for
# authenticated clients. No smtpd_sender_login_maps appears in this output
# either, so the envelope sender of an authenticated user does not look to be
# tied to the login name; confirm against the full main.cf.
smtpd_sender_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_authenticated_sender_login_mismatch,
reject_unknown_sender_domain
# NOTE(review): AUTH is offered on connections that have not negotiated TLS.
# Together with the PLAIN/LOGIN mechanisms in the Dovecot output, credentials
# can cross the network in cleartext.
smtpd_tls_auth_only = no
# NOTE(review): ssl-cert-snakeoil is the self-signed placeholder certificate
# generated on Debian at install time; clients cannot verify the server with it.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
virtual_alias_domains =
mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains =
mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot
dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.6
# Output of `dovecot -n` as posted.
# Lines starting with "# NOTE(review)" are review annotations, not part of the output.
# NOTE(review): logs passwords in the authentication debug output. This is a
# debugging aid that should be switched off afterwards, and the log files
# written while it is on need tight permissions.
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
# NOTE(review): on a password mismatch the attempted password is logged in
# cleartext, so a mistyped real password ends up in the log.
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot/dovecot.debug.log
# NOTE(review): allows the PLAIN/LOGIN mechanisms above on connections that
# are not protected by TLS.
disable_plaintext_auth = no
first_valid_gid = 99
first_valid_uid = 99
hostname = maxi.zp1.net
info_log_path = /var/log/mail.info
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = xxx.xxx.xxx.xxx
log_path = /var/log/dovecot/dovecot.log
login_greeting = Dovecot ready, Sir.
mail_debug = yes
mail_gid = 99
mail_location = maildir:~/mail:LAYOUT=fs:INBOX=/var/vmail/%u/mail/
mail_plugins = acl
mail_uid = 99
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace {
location = maildir:/var/mail/public
prefix = Public/
separator = /
subscriptions = no
type = public
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
acl = vfile
# NOTE(review): lets users grant rights to the "anyone" identifier in ACLs,
# i.e. share a mailbox with every account on the server.
acl_anyone = allow
acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename
mail_log_fields = uid box from subject msgid size
sieve = ~/.dovecot.sieve
sieve_default = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
sieve_global_dir = /var/lib/dovecot/sieve/global/
sieve_max_actions = 64
sieve_user_log = ~/.dovecot.sieve.log
}
postmaster_address = root@server.net
protocols = " imap sieve pop3"
service auth {
# NOTE(review): this is the socket Postfix uses for SASL (smtpd_sasl_path =
# private/auth). Mode 0666 with no user/group leaves access control entirely
# to the permissions of the enclosing directory; 0660 owned by postfix is the
# usual setting.
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
unix_listener auth-userdb {
group = postfix
mode = 0666
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
# NOTE(review): with this set, Dovecot hands outgoing mail, including Sieve
# redirects, to this host over SMTP instead of calling the local sendmail
# binary. Judging by the log, that connection is unauthenticated and arrives
# from the machine's non-loopback address, so Postfix applies its relay
# checks to it.
submission_host = smtp.server.net
userdb {
args = uid=vmail gid=vmail home=/var/vmail/%u
driver = static
}
verbose_proctitle = yes
protocol lda {
mail_plugins = acl sieve
}
protocol imap {
mail_plugins = acl autocreate acl imap_acl
}
protocol sieve {
mail_max_userip_connections = 10
}
Am 22.09.2014 um 22:19 schrieb Henry Stack:
> I have a postfix mail server with sql authentication and I want to implement sieve on it.
>
> Sieve is working relative good, rules who contain 'fileinto' are executed perfectly.
> The problem is the redirect to other servers.
> I configured a rule in Sieve to redirect any email containing "redirect" in subject to a specified foreign
> destination.
> So practically a email coming from sender@live.de for the local user testuser@server.net should be redirected to
> destination@gmail.com when the subject contains "redirect"
>
> if header :contains ["subject"] ["redirect"] {redirect
> "destination@gmail.com"; stop;}
>
> when I test it I get the following log entry
>
> /postfix/smtpd[32114]: NOQUEUE: reject: RCPT from
> mail.server.net[xx.xx.xx.xx]: 554 5.7.1 <destination@gmail.com>:
> Relay access denied; from=<sender@live.de>
> to=<destination@gmail.com> proto=ESMTP helo=<mail.server.net>
- you have "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
- you masked the IP so likely it's not 127.0.0.1
- just use your local MTA or add the machine to "mynetworks"
Thanks for the hint.
I tried it: I added the IP to mynetworks and it is still not working, still *Relay access denied;*
Henry
Am 22.09.2014 um 23:38 schrieb Henry Stack:
Am 22.09.2014 um 22:19 schrieb Henry Stack:
> I have a postfix mail server with sql authentication and I want to implement sieve on it.
>
> Sieve is working relative good, rules who contain 'fileinto' are executed perfectly.
> The problem is the redirect to other servers.
> I configured a rule in Sieve to redirect any email containing "redirect" in subject to a specified foreign
> destination.
> So practically a email coming from sender@live.de for the local user testuser@server.net should be redirected to
> destination@gmail.com when the subject contains "redirect"
>
> if header :contains ["subject"] ["redirect"] {redirect
> "destination@gmail.com"; stop;}
>
> when I test it I get the following log entry
>
> /postfix/smtpd[32114]: NOQUEUE: reject: RCPT from
> mail.server.net[xx.xx.xx.xx]: 554 5.7.1 <destination@gmail.com>:
> Relay access denied; from=<sender@live.de>
> to=<destination@gmail.com> proto=ESMTP helo=<mail.server.net>
- you have "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
- you masked the IP so likely it's not 127.0.0.1
- just use your local MTA or add the machine to "mynetworks"
Thanks for the hint.
I tried it, I added the IP to mynetworks and it is still not working, still *Relay access denied;*
you need to provide more information about your setup and, if possible, avoid masking IP addresses - where does the smtpd live, where is dovecot, and how did you configure the relay at all
what postfix version?
in case of a recent version -> smtpd_relay_restrictions is configured?
On 22-09-2014 23:50, Reindl Harald wrote:
[...] you need to provide more informations about your setup and if possible avoid mask IP addresses - where does the smtpd live, where is dovecot and how did you configure the relay at all what postfix version? in case of a recent version -> smtpd_relay_restrictions is configured?
ok here comes the data the sieve rule is simple
if header :contains ["subject"] ["redirect"] {redirect "henry@gmail.com"; stop;}
first of all the main issue is the sieve "redirect" to a email address on a foreign server. In our case gmail. (sieve is a part of dovecot, and I found no possibility to make sieve more verbose.) I can make postfix verbose but it just say that relay is not permitted.
to test sieve and the rule I send a email from henry@live.de (Hotmail) to my account on the server. henry@example.net and expect it to be redirected to henry@gmail.com
The only interesting line in the log-file is still
NOQUEUE: reject: RCPT from mail.example.net[62.78.xxx.xxx]: 554 5.7.1
henry@gmail.com: Relay access denied; from=henry@live.de
to=henry@gmail.com proto=ESMTP helo=
It says that sieve is trying to send an email FROM henry@live.de TO henry@gmail.com via mail.example.net. *This is crazy.* I think that this is the reason why I get the relay not permitted. AFAIK it should use henry@example.net as the envelope sender.
Even if I turned my own server into an open relay and sent the email the way sieve wants to redirect it, it would be rejected by the destination server because my server is no authority for gmail.
Does somebody know how I can teach sieve to send as envelope ?
On 2014-09-23 10:22, Henry Stack wrote:
On 22-09-2014 23:50, Reindl Harald wrote: [...] you need to provide more informations about your setup and if possible avoid mask IP addresses - where does the smtpd live, where is dovecot and how did you configure the relay at all what postfix version? in case of a recent version -> smtpd_relay_restrictions is configured?
ok here comes the data the sieve rule is simple
if header :contains ["subject"] ["redirect"] {redirect "henry@gmail.com"; stop;}
first of all the main issue is the sieve "redirect" to a email address on a foreign server. In our case gmail. (sieve is a part of dovecot, and I found no possibility to make sieve more verbose.) I can make postfix verbose but it just say that relay is not permitted.
to test sieve and the rule I send a email from henry@live.de (Hotmail) to my account on the server. henry@example.net and expect it to be redirected to henry@gmail.com
The only interesting line in the log-file is still NOQUEUE: reject: RCPT from mail.example.net[62.78.xxx.xxx]: 554 5.7.1 henry@gmail.com: Relay access denied; from=henry@live.de to=henry@gmail.com proto=ESMTP helo=
it say that sieve is trying to make a email FROM henry@live.de TO henry@gmail.com and send it via mail.example.net. *this is crazzy.* I think that this is the reason why I get the relay not permitted. afaik it should envelope the email using henry@example.net
Even I transform my own server in a open relay and send the email like sieve want it to be redirected it will be rejected by the destination server because my server is no authority for gmail.
Does somebody know how I can teach sieve to send as envelope ?
This looks like a postfix configuration issue, nothing to do with dovecot or sieve. You should really ask on a postfix list but what does your postfix main.cf look like?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 23 Sep 2014, Henry Stack wrote:
On 22-09-2014 23:50, Reindl Harald wrote:
[...] you need to provide more informations about your setup and if possible avoid mask IP addresses - where does the smtpd live, where is dovecot and how did you configure the relay at all what postfix version? in case of a recent version -> smtpd_relay_restrictions is configured?
ok here comes the data the sieve rule is simple
if header :contains ["subject"] ["redirect"] {redirect "henry@gmail.com"; stop;}
first of all the main issue is the sieve "redirect" to a email address on a foreign server. In our case gmail. (sieve is a part of dovecot, and I found no possibility to make sieve more verbose.) I can make postfix verbose but it just say that relay is not permitted.
to test sieve and the rule I send a email from henry@live.de (Hotmail) to my account on the server. henry@example.net and expect it to be redirected to henry@gmail.com
The only interesting line in the log-file is still NOQUEUE: reject: RCPT from mail.example.net[62.78.xxx.xxx]: 554 5.7.1 henry@gmail.com: Relay access denied; from=henry@live.de to=henry@gmail.com proto=ESMTP helo=
it say that sieve is trying to make a email FROM henry@live.de TO henry@gmail.com and send it via mail.example.net. *this is crazzy.* I think that this is the reason why I get the relay not permitted. afaik it should envelope the email using henry@example.net
Even I transform my own server in a open relay and send the email like sieve want it to be redirected it will be rejected by the destination server because my server is no authority for gmail.
There is a difference between "resent" and "redirect" (which is also known as "forward" or sometimes "bounce"). You want a redirect, Sieve forwards. Both ways have pros and cons.
You do not turn your server into an open relay if you permit only this one host to drop messages there, though how safe that is depends on what other services the Sieve host runs. I don't know for certain whether Pigeonhole implements client SMTP AUTH - that would certainly help, but I found no setting for it. On the other hand, you can use a sendmail script instead of SMTP to get around that limitation.
See:
# Binary to use for sending mails.
#sendmail_path = /usr/sbin/sendmail

# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
submission_host = localhost
Does somebody know how I can teach sieve to send as envelope ?
If you resent messages, bounces and other notifications (vacation) return to the resender not the original sender. What this means in your situation, I don't know.
Stuff like: https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme shall overcome this problem, but then each envelope sender is unique because of the timestamp. What this means for your recipients, I don't know as well.
You can teach Sieve doing so by patching the source code and submit a patch Stephan might consider to include into the source.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBVCFijHz1H7kL/d9rAQJvUQf+L1iIZj/VuKtfPVB3MiAeQn0s+P5yHFnq eq+m4c393KNLeCyHiYYEjnZ/tadm6dU22LPuaZD+2ClzorMC4AJq3zLBN7MDLQZ1 aUBOYcyvwMsA4500zMRBldx2++P2QoZevH/MbIS3MCBEq5YbSOYbIbIz/8U36l6O cwhNhC6XLb9329Slw4ru9MUn1j6VWcpXvq2E6OeEUiNM/crvZ5a12reQ3ksIskA9 YoAsy8rCYhXHVse0p5rlt1MVg4YrcgP9WH8zziqSd4iB50vSjdku7OMFTxT+J0uJ tnNMF8vFX+DznE5vToz5dPd5NbXBMm4QR1e9ILRgV371YtokPWQQOA== =tKmq -----END PGP SIGNATURE-----
Hi,
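I'm not sure, but could it be that you are missing "permit_mynetworks" in "smtpd_recipient_restrictions"? Your "smtpd_sender_restrictions" has it, but the recipient list does not, so adding the IP to "mynetworks" alone has no effect on the relay check.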
Regards Urban
Am 22.09.2014 22:36, schrieb Henry Stack:
I have a postfix mail server with sql authentication and I want to implement sieve on it.
Sieve is working relative good, rules who contain 'fileinto' are executed perfectly. The problem is the redirect to other servers. I configured a rule in Sieve to redirect any email containing "redirect" in subject to a specified foreign destination. # So practically a email coming from sender@live.de for the local user testuser@server.net should be redirected to destination@gmail.com when the subject contains "redirect"
if header :contains ["subject"] ["redirect"] {redirect "destination@gmail.com"; stop;}
when I test it I get the following log entry
/postfix/smtpd[32114]: NOQUEUE: reject: RCPT from mail.server.net[xx.xx.xx.xx]: 554 5.7.1 destination@gmail.com: Relay access denied; from=sender@live.de to=destination@gmail.com proto=ESMTP helo=
/ How can I tell postfix to let dovecot/sieve relay the email?
can somebody give a hint?
postconf -n
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 default_process_limit = 15 disable_vrfy_command = yes dovecot_destination_recipient_limit = 1 home_mailbox = mail/ inet_interfaces = all mailbox_size_limit = 0 mydestination = mail.server.net, localhost myhostname = mail.server.net mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_restrictions = reject_unknown_helo_hostname smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_reverse_client_hostname, reject_unknown_recipient_domain, reject_unverified_recipient, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, check_policy_service inet:127.0.0.1:10023 smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_authenticated_sender_login_mismatch, reject_unknown_sender_domain smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes soft_bounce = no virtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains.cf virtual_alias_maps = 
mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_mailbox_base = /var/vmail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 512000000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_transport = dovecot
dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.6 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain debug_log_path = /var/log/dovecot/dovecot.debug.log disable_plaintext_auth = no first_valid_gid = 99 first_valid_uid = 99 hostname = maxi.zp1.net info_log_path = /var/log/mail.info lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = xxx.xxx.xxx.xxx log_path = /var/log/dovecot/dovecot.log login_greeting = Dovecot ready, Sir. mail_debug = yes mail_gid = 99 mail_location = maildir:~/mail:LAYOUT=fs:INBOX=/var/vmail/%u/mail/ mail_plugins = acl mail_uid = 99 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { location = maildir:/var/mail/public prefix = Public/ separator = / subscriptions = no type = public } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile acl_anyone = allow acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box from subject msgid size sieve = ~/.dovecot.sieve sieve_default = /var/lib/dovecot/sieve/default.sieve sieve_dir = ~/sieve sieve_global_dir = /var/lib/dovecot/sieve/global/ sieve_max_actions = 64 sieve_user_log = ~/.dovecot.sieve.log } postmaster_address = root@server.net protocols = " imap sieve pop3" service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } unix_listener auth-userdb { group = postfix mode = 0666 
user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 } ssl_cert =
Am 23.09.2014 um 12:08 schrieb Urban Loesch:
I'm not shure, but could it be that you are missing "permit_mynetworks" in "smtpd_recipient_restrictions"?
likely
- smtpd_sender_restrictions
- smtpd_data_restrictions
- smtpd_helo_restrictions
- smtpd_recipient_restrictions
it is in general a bad idea to use all 4 of them - how do you know the exact order in which they are evaluated?
http://www.postfix.org/postconf.5.html#smtpd_delay_reject default on, so you can put anything in "smtpd_recipient_restrictions" and avoid unpredictable results - below an example how all of them live in "smtpd_recipient_restrictions"
the point is that postfix works from top to bottom: you only need to take care that restrictions meant for inbound mail are skipped for the local network and for authenticated users, while some rules sit on top and are explicitly for submission users
no reason for that: smtpd_data_restrictions = reject_unauth_pipelining
smtpd_recipient_restrictions = permit_mynetworks
 reject_non_fqdn_recipient
 reject_non_fqdn_sender
 reject_unlisted_sender
 reject_authenticated_sender_login_mismatch
 permit_sasl_authenticated
 reject_non_fqdn_helo_hostname
 reject_invalid_helo_hostname
 reject_unauth_destination
 reject_unauth_pipelining
 reject_unknown_sender_domain
 reject_unknown_recipient_domain
 check_recipient_access proxy:hash:/etc/postfix/blacklist_rcpt.cf
 check_recipient_access proxy:hash:/etc/postfix/whitelist_rcpt.cf
 check_sender_access proxy:hash:/etc/postfix/whitelist_sender.cf
 check_sender_access proxy:hash:/etc/postfix/blacklist_sender.cf
 check_sender_access proxy:hash:/etc/postfix/spoofing_protection.cf
 check_helo_access proxy:regexp:/etc/postfix/blacklist_helo.cf
 check_reverse_client_hostname_access proxy:regexp:/etc/postfix/blacklist_generic_ptr.cf
 check_policy_service unix:private/spf-policy
 check_recipient_access proxy:hash:/etc/postfix/skip_rcpt_verification.cf
 reject_unverified_recipient
On 23-09-2014 12:31, Reindl Harald wrote:
[...] no reason for that: smtpd_data_restrictions = reject_unauth_pipelining
It's good; the reason is to block clients that speak too early, like spammers for example. http://www.postfix.org/postconf.5.html#reject_unauth_pipelining "This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up deliveries."
Am 23.09.2014 um 20:09 schrieb Henry Stack:
On 23-09-2014 12:31, Reindl Harald wrote:
[...] no reason for that: smtpd_data_restrictions = reject_unauth_pipelining
its goood, the reason is to block clients who speak to early like spammers for example. http://www.postfix.org/postconf.5.html#reject_unauth_pipelining "This stops mail from bulk mail software that improperly uses ESMTP command pipelining in order to speed up deliveries."
but nobody needs "smtpd_data_restrictions" for that just add it to "smtpd_recipient_restrictions"
if you want to block spammers it's anyways the wrong tool
- use port 587 for submission
- setup http://www.postfix.org/POSTSCREEN_README.html on port 25
- postscreen_greet_action = enforce
- postscreen_greet_wait = ${stress?2}${stress:10}
with the above configuration on port 25 a sane client has to wait 10 seconds before he is allowed to talk the first time and only after passed that it has a chance to talk to smtpd at all
well, and then you can configure "postscreen_dnsbl_sites" and "postscreen_dnsbl_action = enforce" with a sensible scoring and you are rid of 90% spam at all
participants (5)
-
Alan McGinlay
-
Henry Stack
-
Reindl Harald
-
Steffen Kaiser
-
Urban Loesch