access - Postfix SMTP server access table

Kai Fürstenberg kai_postfix at fuerstenberg.ws
Mon Jan 28 13:49:20 CET 2019


Hello David,

On 28.01.2019 at 13:39, Ublun wrote:
> Thanks, here is the log for "whatifitworks@" in the access table and my
> postconf -fn
> Regards, David
> 
> Jan 28 13:10:15 ubox postfix/smtpd[8348]: connect from
> mail-40136.protonmail.ch[185.70.40.136]
> Jan 28 13:10:16 ubox postfix/smtpd[8348]: 0976720796:
> client=mail-40136.protonmail.ch[185.70.40.136]
> Jan 28 13:10:16 ubox postfix/cleanup[8352]: 0976720796:
> message-id=<lnE8slyFjsk3xbA8iOaL4-Ot1XNYpeHJhukXxcKB_0OPY2bUrOey9gE54FE_5pubnLaEAFqpXFlOUlVXBRNj2jT34M4UYKwtuhkylqWE5wA=@protonmail.com>
> 
> Jan 28 13:10:16 ubox opendkim[1053]: 0976720796: s=default
> d=protonmail.com SSL
> Jan 28 13:10:16 ubox postfix/qmgr[7734]: 0976720796:
> from=<whatifitworks at protonmail.com>, size=2328, nrcpt=1 (queue active)
> Jan 28 13:10:16 ubox postfix/smtpd[8348]: disconnect from
> mail-40136.protonmail.ch[185.70.40.136] ehlo=2 starttls=1 mail=1 rcpt=1
> data=1 quit=1 commands=7
> Jan 28 13:10:37 ubox postfix/local[8353]: 0976720796:
> to=<info.ublun at ubox>, orig_to=<info at ublun.com>, relay=local, delay=21,
> delays=0.45/0.01/0/21, dsn=2.0.0, status=sent (delivered to command:
> /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
> Jan 28 13:10:37 ubox postfix/qmgr[7734]: 0976720796: removed
> 
> postconf -fn
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> compatibility_level = 2
> home_mailbox = Maildir/
> inet_interfaces = all
> inet_protocols = all
> mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
> mailbox_size_limit = 0
> message_size_limit = 50240000
> milter_default_action = accept
> milter_protocol = 2
> mydestination = $myhostname, ubox, localhost.ublun.com, localhost
> myhostname = ubox.ublun.com
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> non_smtpd_milters = inet:localhost:8891
> readme_directory = no
> recipient_delimiter = +
> sender_bcc_maps = hash:/etc/postfix/bcc
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_tls_security_options = noanonymous
> smtp_tls_security_level = dane
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_use_tls = yes
> smtpd_client_restrictions = permit_sasl_authenticated check_client_access
>     hash:/etc/postfix/sender_access permit_inet_interfaces
>     reject_unknown_reverse_client_hostname
> smtpd_enforce_tls = yes
> smtpd_milters = inet:localhost:8891
> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
>     reject_unauth_destination reject_unknown_reverse_client_hostname
> smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
>     defer_unauth_destination reject_unknown_reverse_client_hostname
> smtpd_sasl_auth_enable = yes
> smtpd_tls_CAfile = /etc/postfix/postfix.ca.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/postfix.cert.pem
> smtpd_tls_key_file = /etc/postfix/postfix.key.pem
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> virtual_alias_maps = hash:/etc/postfix/virtual
> 
> On 26.01.19 at 13:24, Ublun wrote:
>>  /etc/postfix/sender_access
>> #
>> # Black/Whitelist for senders matching the 'MAIL FROM' field. Examples...
>> #
>> myfriend at example.com    OK
>> junk at spam.com           REJECT
>> marketing@              REJECT
>> theboss@                OK
>> deals.marketing.com     REJECT
>> somedomain.com          OK
>>
>> In my case, however, marketing@ is not REJECTed, not even after a postmap /etc/postfix/sender_access

First of all: whatifitworks@ is not in your list. So the address is
ignored and the mail is correctly delivered.

Furthermore, you can tidy up your restrictions a bit and make them
clearer:

You have smtpd_delay_reject set to "yes" by default. As a result, all
restrictions are only processed after the RCPT TO.

So you can put everything into smtpd_recipient_restrictions; the
relay restrictions usually work by default and only need to be edited in
special cases.

-- 
Kai Fürstenberg

PM to: kai at fuerstenberg dot ws
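
Added example (not part of the original post and not Postfix's own code): a simplified Python model of the lookup keys documented in access(5), run against the quoted sender_access table. It shows that whatifitworks@ matches no entry, and that a table referenced through check_client_access (as in the quoted smtpd_client_restrictions) is queried with the client host name and IP address, so the marketing@ entry is only consulted when the table is used with check_sender_access. The function names are hypothetical; the model assumes the default parent_domain_matches_subdomains, IPv4 clients, and ignores address extensions.

```python
# Simplified model of the keys Postfix tries against an indexed access(5)
# table. Assumptions: default parent_domain_matches_subdomains, IPv4 only,
# no address-extension (recipient_delimiter) handling.

# Entries copied from the quoted /etc/postfix/sender_access, with the list
# archive's "user at domain" obfuscation undone.
SENDER_ACCESS = {
    "myfriend@example.com": "OK",
    "junk@spam.com": "REJECT",
    "marketing@": "REJECT",
    "theboss@": "OK",
    "deals.marketing.com": "REJECT",
    "somedomain.com": "OK",
}

def parent_domains(name):
    """The name itself, then each parent obtained by stripping the leftmost label."""
    labels = name.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def sender_keys(address):
    """Keys tried by check_sender_access: user@domain, domain(s), user@."""
    user, _, domain = address.lower().rpartition("@")
    return [f"{user}@{domain}"] + parent_domains(domain) + [f"{user}@"]

def client_keys(hostname, ip):
    """Keys tried by check_client_access: host name(s), IP, network prefixes."""
    octets = ip.split(".")
    prefixes = [".".join(octets[:n]) for n in range(4, 0, -1)]
    return parent_domains(hostname) + prefixes

def lookup(table, keys):
    """First matching key wins; no match is DUNNO (the next restriction runs)."""
    for key in keys:
        if key in table:
            return key, table[key]
    return None, "DUNNO"

if __name__ == "__main__":
    # Client name and IP are taken from the quoted log; the marketing@
    # sender address is constructed for illustration.
    host, ip = "mail-40136.protonmail.ch", "185.70.40.136"
    for label, keys in [
        ("sender whatifitworks@", sender_keys("whatifitworks@protonmail.com")),
        ("sender marketing@", sender_keys("marketing@protonmail.com")),
        ("client (as configured)", client_keys(host, ip)),
    ]:
        print(label, "->", lookup(SENDER_ACCESS, keys))
```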


