OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Postfix Restriction class not working properly

From: ankush grover (grover.pixgmail.com)
Date: Wed Aug 02 2006 - 00:05:58 CDT

On 8/2/06, Magnus Bäck <magnusdsek.lth.se> wrote:

>
> You missed a couple of log entries from smtpd(8) at the start of the
> log, but this line shows anyway that the client was localhost. The
> loopback interface is listed in mynetworks, so your permit_mynetworks
> bypasses your restrictions.
>

Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: from localhost (localhost.localdomain [127.0.0.1])??by
mail.sun.net (Postfix) with ESMTP id 0E3766FFE5??for
<testingexample.com>; Tue, 1 Aug 2006 16:48:57 +0530 (IST) from
localhost.localdomain[127.0.0.1]; from=<grover.pixgmail.com>
to=<testingexample.com> proto=ESMTP helo=<localhost>

You can see the mail is coming from grover.pixgmail.com and this
address is not listed in sender_access.

recipient_access file
testingexample.com insiders_only

sender_access file

example.com OK
ankushgmail.com OK
ankushyahoo.com OK
johnyahoo.com OK

grover.pixgmail.com is not listed in the users who are authorized to
send the mail to testingexample.com

I am downloading the mails through fetchmail from my ISP account and
redistributing to my internal users.

Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: from mail.isp.com??by localhost with IMAP
(fetchmail-6.2.5.5)??for testingexample.com (multi-drop); Tue, 01 Aug
2006 16:48:57 +0530 (IST) from localhost.localdomain[127.0.0.1];
from=<grover.pixgmail.com> to=<testingexample.com> proto=ESMTP
helo=<localhost>

You can see fetchmail has downloaded the mail and the mail is from the
grover.pixgmail.com is for testingexample.com and it is a
multidrop(catchall) account.

Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: from ug-out-1314.google.com (ug-out-1314.google.com
[66.249.92.174])??by mail252.megamailservers.com
(8.13.6.20060614/8.13.1) with ESMTP id k71Bb1aL003459??for
<testingexample.com from localhost.localdomain[127.0.0.1];
from=<grover.pixgmail.com> to=<testingexample.com> proto=ESMTP
helo=<localhost>

Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: by ug-out-1314.google.com with SMTP id m3so1254036ugc?
 for <testingexample.com>; Tue, 01 Aug 2006 04:36:59 -0700 (PDT) from
localhost.localdomain[127.0.0.1]; from=<grover.pixgmail.com>
to=<testingexample.com> proto=ESMTP helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: by 10.66.221.19 with SMTP id t19mr749382ugg;?
Tue, 01 Aug 2006 04:36:58 -0700 (PDT) from localhost.localdomain[127.0.0.1];
from=<grover.pixgmail.com> to=<testingexample.com> proto=ESMTP
helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5: hold: header
Received: by 10.66.225.3 with HTTP; Tue, 1 Aug 2006 04:36:58 -0700
(PDT) from localhost.localdomain[127.0.0.1];
from=<grover.pixgmail.com> to=<testingexample.com> proto=ESMTP
helo=<localhost>
Aug 1 16:48:57 mail postfix/cleanup[4864]: 0E3766FFE5:
message-id=<cf4061610608010436o28366aeaob24407c9f95eb3bbmail.gmail.com>
Aug 1 16:48:57 mail MailScanner[30558]: New Batch: Scanning 1
messages, 2194 bytes
Aug 1 16:48:58 mail postfix/smtpd[4863]: disconnect from
localhost.localdomain[127.0.0.1]
Aug 1 16:49:04 mail MailScanner[30558]: Virus and Content Scanning: Starting
Aug 1 16:49:04 mail MailScanner[30558]: Requeue: 0E3766FFE5.381FC to 647537000E
Aug 1 16:49:04 mail MailScanner[30558I hope I am clear this time ]:
Uninfected: Delivered 1 messages
Aug 1 16:49:04 mail MailScanner[30558]: Logging message 0E3766FFE5.381FC to SQL
Aug 1 16:49:04 mail postfix/qmgr[30525]: 647537000E:
from=<grover.pixgmail.com>, size=1927, nrcpt=2 (queue active)
Aug 1 16:49:04 mail MailScanner[30517]: 0E3766FFE5.381FC: Logged to
MailWatch SQL
Aug 1 16:49:04 mail postfix/local[4871]: 647537000E:
to=<ankushexample.com>, orig_to=<testingexample.com>, relay=local,
delay=7, status=sent (delivered to maildir)
Aug 1 16:49:04 mail postfix/local[4870]: 647537000E:
to=<agroverexample.com>, orig_to=<testingexample.com>, relay=local,
delay=7, status=sent (delivered to maildir)
Aug 1 16:49:04 mail postfix/qmgr[30525]: 647537000E: removed

The mail for testingexample.com is redirected to 2 users

Entries for these users is defined in virtual file (/etc/postfix/virtual)

testingexample.com ankush agrover (local users)

What else should I post?

Thanks & Regards

Ankush Grover