Re: Postfix + Dovecot SASL authentication.

From: Miguel Da Silva - Centro de Matemática (mdasilvacmat.edu.uy)
Date: Wed Mar 04 2009 - 05:35:38 CST


Victor Duchovni wrote:
> On Wed, Mar 04, 2009 at 12:29:29AM -0200, Miguel Da Silva - Centro de Matemática wrote:
>
>> Mar 2 18:42:02 smtp postfix/smtpd[15652]: NOQUEUE: reject: RCPT from
>> r190-134-zz-xx.dialup.adsl.anteldata.net.uy[190.134.zz.
>> xx]: 450 4.7.1 <destinocmat.edu.uy>: Recipient address rejected:
>> Greylisting in action, please come back later.; from=<usuario2c
>> mat.edu.uy> to=<destinocmat.edu.uy> proto=ESMTP helo=<UserPC>
>>
>> smtpd_recipient_restrictions =
>> reject_rbl_client sbl.spamhaus.org
>> reject_rbl_client bl.spamcop.net
>> check_recipient_access hash:/etc/postfix/bloqueados
>> permit_sasl_authenticated
>> permit_mynetworks
>> reject_unauth_destination
>> reject_unknown_recipient_domain
>> reject_unverified_recipient
>> check_policy_service inet:127.0.0.1:10026
>>
>> Suggestions?! My idea is, if you are not part of $mynetworks, then
>> authenticating is the only way to get mail relayed through this server.
>
> The user was not "relaying"; mail was sent to a domain you are responsible
> for, so this was not blocked by "reject_unauth_destination". Nor should it
> have been. On a port 25 MX host you can't distinguish roaming users submitting
> mail to your domains from outside MTAs delivering mail to your domains.
>

Well... I don't think so, maybe I am not understanding
reject_unauth_destination correctly.

Postfix' manual says:

reject_unauth_destination
     Reject the request unless one of the following is true:

         * Postfix is mail forwarder: the resolved RCPT TO domain
           matches $relay_domains or a subdomain thereof, and contains no
           sender-specified routing (user@elsewhere@domain),
         * Postfix is the final destination: the resolved RCPT TO domain
           matches $mydestination, $inet_interfaces, $proxy_interfaces,
           $virtual_alias_domains, or $virtual_mailbox_domains, and contains no
           sender-specified routing (user@elsewhere@domain).

The first point does not bother me because $relay_domains is empty on this
server. But, reading the second one I would say every local user sending
mail to another local user will get it done through the server.

We both agree reject_unauth_destination did not block mail, but I think
that's happening because usuario2cmat.edu.uy is sending mail to
destinocmat.edu.uy.

Greetings.
--
Miguel Da Silva
Junior Unix Systems Administrator
Centro de Matemática - http://www.cmat.edu.uy
Facultad de Ciencias - http://www.fcien.edu.uy
Universidad de la República - http://www.rau.edu.uy
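
Added example, not part of the original message and not Postfix code: a simplified Python model of first-match evaluation over the restriction list quoted above, showing which restriction decides each case. The networks, domains and client addresses are constructed, and the RBL, access-map and recipient-verification checks are assumed to return no decision and are left out.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample settings (assumptions, not the poster's real values).
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}  # stands in for $mydestination and friends
RELAY_DOMAINS = set()            # empty, as stated in the message

@dataclass
class Rcpt:
    client_ip: str
    sasl_authenticated: bool
    rcpt_domain: str

def permit_sasl_authenticated(r):
    return "PERMIT" if r.sasl_authenticated else "DUNNO"

def permit_mynetworks(r):
    ip = ipaddress.ip_address(r.client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(r):
    # No decision (DUNNO) when this server is the final destination or a
    # relay for the recipient domain; subdomain matching is not modelled.
    ours = r.rcpt_domain in LOCAL_DOMAINS or r.rcpt_domain in RELAY_DOMAINS
    return "DUNNO" if ours else "REJECT"

def greylist_policy(r):
    # Assumption: first contact for this client/sender/recipient triplet,
    # so the policy service answers with a temporary failure (450).
    return "DEFER"

# Same relative order as in the quoted smtpd_recipient_restrictions.
RESTRICTIONS = [permit_sasl_authenticated, permit_mynetworks,
                reject_unauth_destination, greylist_policy]

def evaluate(r):
    """Return (verdict, deciding restriction); the first non-DUNNO result wins."""
    for check in RESTRICTIONS:
        verdict = check(r)
        if verdict != "DUNNO":
            return verdict, check.__name__
    return "PERMIT", "end_of_list"

if __name__ == "__main__":
    # Roaming client, no AUTH, local recipient: the case in the quoted log line.
    print(evaluate(Rcpt("198.51.100.7", False, "example.org")))
    print(evaluate(Rcpt("198.51.100.7", True, "example.org")))
    print(evaluate(Rcpt("198.51.100.7", False, "example.net")))
```

In this model, a client outside the configured networks that has not authenticated and writes to a local domain passes reject_unauth_destination and is deferred by the greylisting policy, while the same client with SASL authentication is permitted before the policy service is consulted.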