Re: unverified sender

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Sun Aug 03 2008 - 14:56:22 CDT


Bissio wrote:
> Hi,
>
> I have postfix 2.4 and I need to receive messages from address like
> rootsomedomain, but I have reject_unverified_sender in my conf under
> smtpd_recipient_restrictions and this blocks messages even if I have this
> email address listed into: check_sender_access
> mysql:/etc/postfix/mysql-sender.cf (mysql record: rootdomedomain OK).
> If I delete reject_unverified_sender from my main.cf, then I receive a lot
> of spam with forged domain (mine).
>
> Thanks

Please don't top post.

If your system is configured to reject unknown local
recipients, you can use the "reject_unlisted_sender" directive
instead. If you don't have a list of valid local recipients,
in your mysql:/etc/postfix/mysql-recipient.cf table, arrange
for an entry with a key of your domain, and a result of
"reject_unverified_sender".
http://www.postfix.org/postconf.5.html#reject_unlisted_sender
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#forged_sender

It's unwise to verify the sender of all mail that you accept.
Some admins consider recipient probes as abusive and will
blacklist you (indistinguishable from a dictionary attack to
them).

--
Noel Jones

>
> -----Original Message-----
> From: owner-postfix-userspostfix.org [mailto:owner-postfix-userspostfix.org]
> On behalf of Robert Schetterer
> Sent: Wednesday, 30 July 2008 12:25
> To: Bissio
> Cc: postfix-userspostfix.org
> Subject: Re: unverified sender
>
> Bissio wrote:
>> Hi all,
>>
>> I cannot receive any message from an email address listed into my
>> mysql table: mysql-sender.cf because I have in recipient restriction:
>> reject_unverified_sender and the sender is something like:
>> rootsomedomain.com (not verified).
>>
>> How can I bypass reject_unverified_sender without putting
>> check_sender_access mysql:/etc/postfix/mysql-sender.cf into
>> smtpd_recipient_restrictions (this will bypass even other restrictions).
>>
>>
>> This is my main.cf:
>>
>> #Sender restriction
>> smtpd_sender_restrictions =
>>     check_sender_access hash:/etc/postfix/restricted_sender,
>>     check_sender_access mysql:/etc/postfix/mysql-sender.cf,
>>     check_recipient_access mysql:/etc/postfix/mysql-recipient.cf,
>>     reject_unknown_sender_domain,
>>     reject_non_fqdn_sender
>> #Recipient restriction
>> smtpd_recipient_restrictions =
>>     permit_sasl_authenticated,
>>     permit_mynetworks,
>>     check_recipient_access mysql:/etc/postfix/mysql-recipient.cf,
>>     reject_invalid_hostname,
>>     reject_non_fqdn_recipient,
>>     reject_unauth_destination,
>>     reject_unknown_recipient_domain,
>>     reject_unverified_recipient,
>>     reject_unverified_sender
>>
>> Thanks
>> Bissio
>>
> Hi,
> you shouldn't do reject_unverified_sender in total, this leads to massive
> smtp probes to frequent forged domains mailservers, so you are going to
> risk to get banned there by backscatter, what reason do you have for
> reject_unverified_recipient ?
> is the host mx backup ?
> you might should post more info, which problem you are exactly trying to
> solve in which setup perhaps
> reject_unlisted_recipient,reject_unlisted_sender are enough for your problem
>
> read
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html
>
> --
> Best Regards
>
> MfG Robert Schetterer
>
> Germany/Munich/Bavaria
>
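
The two alternatives suggested in the reply, sketched as an added configuration example that is not part of the thread. It keys the entry on the sender domain in a sender access table, as in the README section linked in the reply. `example.com` stands in for the local domain, and `hash:/etc/postfix/sender_access` is an assumed table name used in place of the poster's MySQL maps.

```conf
# /etc/postfix/main.cf  (added example; domain and table path are assumptions)

# Before, as posted in the thread: the global restriction probes the
# sender address of every message that reaches the end of the list.
#   smtpd_recipient_restrictions = ..., reject_unverified_sender

# After: drop the global reject_unverified_sender from
# smtpd_recipient_restrictions and limit the check to senders that
# claim the local domain, which is where the forged mail comes from.

# Alternative A: the server already knows its valid local addresses
# (unknown local recipients are rejected). No probe is sent; a sender
# in a local domain that is not a listed address is rejected.
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unlisted_sender

# Alternative B: no list of valid local addresses. Use the access table
# below so that only senders in the local domain trigger a probe.
# smtpd_sender_restrictions =
#     check_sender_access hash:/etc/postfix/sender_access,
#     reject_non_fqdn_sender,
#     reject_unknown_sender_domain

# /etc/postfix/sender_access
# Rebuild after editing: postmap /etc/postfix/sender_access
# The key is the sender domain; the result is the restriction to apply.
# Senders in any other domain never match and are never probed.
example.com     reject_unverified_sender
```

With either alternative, an external sender such as the one in the question is no longer subject to address verification, so no whitelist entry is needed for it.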