info
Google Groups unterstützt keine neuen Usenet-Beiträge oder ‑Abos mehr. Bisherige Inhalte sind weiterhin sichtbar.
Dismiss
Postfix 3.2.0 during the processing of the relays applies the rules from "smtpd_relay_restrictions" AFTER rules from "smtpd_recipient_restrictions".
28 Aufrufe
Direkt zur ersten ungelesenen Nachricht
13i...@gmail.com
27.05.2017, 18:32:0427.05.17
an
Postfix 3.2.0, I noticed this behaviour on this version may behave and earlier versions, but I have no way to test it, during the processing of the relays applies the rules from "smtpd_relay_restrictions" AFTER rules from "smtpd_recipient_restrictions", that makes the rule of "smtpd_relay_restrictions" is useless, as I have, as in versions prior to 2.10, in the "smtpd_recipient_restrictions" to specify rules for processing and the relays and incoming messages.
As I understand from documentation, this should NOT be, and when you specify rules in "smtpd_relay_restrictions" relays should only be handled by these rules ignore the rules of "smtpd_recipient_restrictions".
In fact, when specifying such settings.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
Server rejects connections for relays (remote clients connecting to SMTP/IMAP server after a successful SASL authentication)
postfix/smtpd[3202]: warning: hostname "hostname of client interet provider" does not resolve to address "IP (DUHL) of client Internet provider": Name or service not known
postfix/smtpd[3202]: disconnect from unknown["IP (DUHL) of client Internet provider"]
This should not be! My initial idea rules "reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org" never should have been applied to the relay, but the logs say otherwise.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
If you add the rule of "smtpd_relay_restrictions" to the beginning of the rules "smtpd_recipient_restrictions", then it works normally as in versions prior to 2.10, but according to the documentation it should not be on version 3.2.0.
As I understand from documentation, this should NOT be, and when you specify rules in "smtpd_relay_restrictions" relays should only be handled by these rules ignore the rules of "smtpd_recipient_restrictions".
In fact, when specifying such settings.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
Server rejects connections for relays (remote clients connecting to SMTP/IMAP server after a successful SASL authentication)
postfix/smtpd[3202]: warning: hostname "hostname of client interet provider" does not resolve to address "IP (DUHL) of client Internet provider": Name or service not known
postfix/smtpd[3202]: disconnect from unknown["IP (DUHL) of client Internet provider"]
This should not be! My initial idea rules "reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org" never should have been applied to the relay, but the logs say otherwise.
smtpd_relay_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_inet_interfaces, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unknown_helo_hostname, reject_unknown_client_hostname, reject_rbl_client zen.spamhaus.org
If you add the rule of "smtpd_relay_restrictions" to the beginning of the rules "smtpd_recipient_restrictions", then it works normally as in versions prior to 2.10, but according to the documentation it should not be on version 3.2.0.
13i...@gmail.com
28.05.2017, 04:26:5028.05.17
an
Here is a more accurate log processing relay at the initial configuration.
NOQUEUE: reject: RCPT from unknown[5.135.248.156]: 450 4.7.25 Client host rejected: cannot find your hostname, [5.135.248.156]; from=<my mail server> to=<gmail> proto=ESMTP helo=<[10.211.1.147]>
NOQUEUE: reject: RCPT from unknown[5.135.248.156]: 450 4.7.25 Client host rejected: cannot find your hostname, [5.135.248.156]; from=<my mail server> to=<gmail> proto=ESMTP helo=<[10.211.1.147]>
0 neue Nachrichten