1 Topic by avenger_msoft

  • avenger_msoft
  • Member
  • Offline
  • Registered: 2014-08-07
  • Posts: 21

Topic: Error in Postfix configuration

Good day!

I think that in parameter smtpd_recipient_restrictions there is an error.
Now:

smtpd_recipient_restrictions = 
reject_unknown_sender_domain, 
reject_unknown_recipient_domain, 
reject_non_fqdn_sender, 
reject_non_fqdn_recipient, 
reject_unlisted_recipient, 
...

Has to be:

smtpd_sender_restrictions = 
permit_mynetworks, 
reject_unknown_sender_domain, 
reject_non_fqdn_sender, 
reject_unlisted_sender, 
reject_sender_login_mismatch, 
permit_sasl_authenticated

smtpd_recipient_restrictions = 
reject_unknown_recipient_domain, 
reject_non_fqdn_recipient, 
reject_unlisted_recipient, 
...

Thanks.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by avenger_msoft

  • avenger_msoft
  • Member
  • Offline
  • Registered: 2014-08-07
  • Posts: 21

Re: Error in Postfix configuration

"Reject_non_fqdn_sender" key can only be used in the field "smtpd_sender_restrictions" (http://www.postfix.org/postconf.5.html# … qdn_sender).

do you agree?

3 Reply by 7t3chguy

  • 7t3chguy
  • 7t3chguy
  • Forum Moderator
  • Offline
  • From: United Kingdom
  • Registered: 2015-01-08
  • Posts: 713

Re: Error in Postfix configuration

Surely it'd tell you if it was configured with options which don't match the directive?

7t3chguy's Website

4 Reply by avenger_msoft

  • avenger_msoft
  • Member
  • Offline
  • Registered: 2014-08-07
  • Posts: 21

Re: Error in Postfix configuration

7t3chguy wrote:

Surely it'd tell you if it was configured with options which don't match the directive?

yes.

5 Reply by avenger_msoft (edited by avenger_msoft 2015-04-07 03:58:06)

  • avenger_msoft
  • Member
  • Offline
  • Registered: 2014-08-07
  • Posts: 21

Re: Error in Postfix configuration

avenger_msoft wrote:
7t3chguy wrote:

Surely it'd tell you if it was configured with options which don't match the directive?

yes.

command 

reject_unknown_sender_domain, 
reject_non_fqdn_sender, 
reject_unlisted_sender,

use only block

smtpd_sender_restrictions

view postfix - smtpd_check.c:

    else if (is_map_command(state, name, CHECK_SENDER_ACL, &cpp)) {
        if (state->sender && *state->sender)
        status = check_mail_access(state, *cpp, state->sender,
                       &found, state->sender,
                       SMTPD_NAME_SENDER, def_acl);
        if (state->sender && !*state->sender)
        status = check_access(state, *cpp, var_smtpd_null_key, FULL,
                      &found, state->sender,
                      SMTPD_NAME_SENDER, def_acl);
    } else if (strcasecmp(name, REJECT_UNKNOWN_ADDRESS) == 0) {
        if (state->sender && *state->sender)
        status = reject_unknown_address(state, state->sender,
                      state->sender, SMTPD_NAME_SENDER);
    } else if (strcasecmp(name, REJECT_UNKNOWN_SENDDOM) == 0) {
        if (state->sender && *state->sender)
        status = reject_unknown_address(state, state->sender,
                      state->sender, SMTPD_NAME_SENDER);
    } else if (strcasecmp(name, REJECT_UNVERIFIED_SENDER) == 0) {
        if (state->sender && *state->sender)
        status = reject_unverified_address(state, state->sender,
                       state->sender, SMTPD_NAME_SENDER,
                     var_unv_from_dcode, var_unv_from_rcode,
                           unv_from_tf_act,
                           var_unv_from_why);
    } else if (strcasecmp(name, REJECT_NON_FQDN_SENDER) == 0) {
        if (state->sender && *state->sender)
        status = reject_non_fqdn_address(state, state->sender,
                      state->sender, SMTPD_NAME_SENDER);

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,505

Re: Error in Postfix configuration

You can use all restrictions available for smtpd_helo_restrictions, smtpd_sender_restrictions in smtpd_recipient_restrictions. It's fine.

But i agree with you that we'd better make it clearer.

== UPDATE ==

I moved restriction rules to proper parameters:
https://bitbucket.org/zhb/iredmail/comm … 36d506496a

Thanks for your feedback. Topic closed.