From: Pascal Maes (pascal.maes@elec.ucl.ac.be)
Date: Mon Nov 16 2009 - 13:14:05 CST
On 16 Nov 2009 at 19:46, Pascal Maes wrote:
> Hello,
>
> I would like authenticated users and users from my network to be able to send email to wrong addresses, because it could be worse to find a wrong address if the mail is rejected at the SMTP connection.
>
> # postconf -n
> address_verify_sender = verify_address@uclouvain.be
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/postfix/aliases
> bounce_size_limit = 50000
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> disable_vrfy_command = yes
> empty_address_recipient = MAILER-DAEMON
> hash_queue_depth = 1
> hash_queue_names = deferred defer incoming hold
> header_checks = regexp:/etc/postfix/rules/header_checks
> html_directory = no
> mail_owner = postfix
> mailbox_size_limit = 250000000
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> message_size_limit = 250000000
> milter_default_action = tempfail
> milter_protocol = 6
> mydestination = $myhostname, localhost, localhost.$mydomain
> mydomain = sipr-dc.ucl.ac.be
> myhostname = smtp1.sgsi.ucl.ac.be
> mynetworks = 127.0.0.0/8,10.0.0.0/8,130.104.0.0/16,192.168.128.0/17,193.190.89.0/24
> newaliases_path = /usr/bin/newaliases
> parent_domain_matches_subdomains = debug_peer_list
>     mynetworks
> queue_directory = /var/spool/postfix
> readme_directory = no
> relay_domains = hash:/etc/postfix/relais/relay_domains
> relay_recipient_maps = hash:/etc/postfix/relais/transport
>     hash:/etc/postfix/relais/virtual_relais
>     hash:/etc/postfix/relais/virtual_aliases
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP
> smtpd_client_connection_rate_limit = 20
> smtpd_client_message_rate_limit = 300
> smtpd_client_recipient_rate_limit = 1000
> smtpd_data_restrictions = check_sender_access hash:/etc/postfix/rules/check_backscatterer
> smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040
> smtpd_hard_error_limit = ${stress?3}${stress:20}
> smtpd_helo_required = yes
> smtpd_helo_restrictions = check_client_access hash:/etc/postfix/rules/access
>     check_recipient_access pcre:/etc/postfix/rules/listes_client_access
>     permit_mynetworks
>     permit_sasl_authenticated
>     reject_invalid_hostname
>     check_client_access hash:/etc/postfix/rules/helo_whitelist
>     check_recipient_access hash:/etc/postfix/rules/roleaccount_exceptions
>     reject_non_fqdn_hostname
>     check_client_access hash:/etc/postfix/files_access/spammers
>     check_helo_access pcre:/etc/postfix/rules/helo_checks
>     check_sender_mx_access cidr:/etc/postfix/rules/bogus_mx_checks
>     permit
> smtpd_milters = unix:/var/run/clamav/milter-clamav.socket
>     local:/var/run/milter/milter-spiff.socket
> smtpd_recipient_restrictions = reject_non_fqdn_recipient
>     reject_non_fqdn_sender
>     check_recipient_access hash:/etc/postfix/rules/ucllouvain
>     check_recipient_access hash:/etc/postfix/rules/invalid
>     check_recipient_access hash:/etc/postfix/rules/phishing_reply_adresses
>     permit_sasl_authenticated
>     permit_mynetworks
>     reject_unlisted_recipient
>     reject_unknown_recipient_domain
>     reject_unauth_destination
>     reject_multi_recipient_bounce
>     check_recipient_access hash:/etc/postfix/rules/roleaccount_exceptions
>     check_client_access cidr:/etc/postfix/rules/hi-med-dnswl-header
>     check_client_access cidr:/etc/postfix/rules/hi-med-dnswl-permit
>     check_sender_access hash:/etc/postfix/rules/sender_whitelist
>     check_client_access hash:/etc/postfix/rules/client_whitelist
>     check_sender_access pcre:/etc/postfix/rules/pcre_sender_whitelist
>     check_recipient_access hash:/etc/postfix/rules/recipient_whitelist
>     reject_rbl_client zen.dnsbl
>     reject_rbl_client sip.invaluement.dnsbl
>     reject_rbl_client cbl.abuseat.org
>     reject_rbl_client bl.spamcop.net
>     reject_rbl_client safe.dnsbl.sorbs.net
>     permit_auth_destination
>     reject
> smtpd_restriction_classes = must_be_valid_squirrel_sender
>     restrict_list_client_access
>     restrict_list_sender_accesrestrict_list_cluster_access
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = check_recipient_access pcre:/etc/postfix/rules/listes_sender_access
>     check_client_access hash:/etc/postfix/rules/squirrel_ip
>     check_sender_access hash:/etc/postfix/rules/access
>     permit_sasl_authenticated
>     permit_mynetworks
>     reject_unknown_recipient_domain
>     check_sender_access hash:/etc/postfix/rules/stluc
>     check_client_access hash:/etc/postfix/rules/access
>     reject_unknown_sender_domain
> smtpd_soft_error_limit = ${stress?1}${stress:10}
> smtpd_tls_CAfile = /etc/postfix/ssl/ct_root.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/ssl/smtp.sgsi.ucl.ac.be-cert.pem
> smtpd_tls_key_file = /etc/postfix/ssl/smtp.sgsi.ucl.ac.be-key.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database = btree:/var/spool/postfix/.cache/smtpd_scache
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> transport_maps = hash:/etc/postfix/relais/transport
>     hash:/etc/postfix/relais/virtual_relais
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = hash:/etc/postfix/relais/virtual_aliases
>
>
> In smtpd_recipient_restrictions, I have put the lines
>
>     permit_sasl_authenticated
>     permit_mynetworks
>
> before
>
>     reject_unlisted_recipient
>
>
> but when I send an email from 10.1.5.2 (within my networks) I get the following in the logfile :
>
> Nov 16 19:32:31 smtp-1 postfix/smtpd[8626]: connect from smtp-2.sipr-dc.ucl.ac.be[10.1.5.2]
> Nov 16 19:32:43 smtp-1 postfix/smtpd[8626]: NOQUEUE: reject: RCPT from smtp-2.sipr-dc.ucl.ac.be[10.1.5.2]: 550 5.1.1 <toto@uclouvain.be>: Recipient address rejected: User unknown in relay recipient table; from=<tutu@uclouvain.be> to=<toto@uclouvain.be> proto=SMTP helo=<smtp2.sgsi.ucl.ac.be>
> Nov 16 19:32:51 smtp-1 postfix/smtpd[8626]: disconnect from smtp-2.sipr-dc.ucl.ac.be[10.1.5.2]
>
>
> What's wrong ?
>
> Thanks
> --
> Pascal
>

It seems that I have to add

    smtpd_reject_unlisted_recipient = no

to the main.cf.

And if I want to permit only authenticated users to use wrong addresses (by mistake), I have to declare:

    permit_sasl_authenticated
    reject_unlisted_recipient
    permit_mynetworks

Correct?

Thanks,
--
Pascal
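
The behaviour discussed in this message, as an added example that is not part of the original post and is not Postfix's own code: a simplified Python model of one RCPT TO evaluated against smtpd_recipient_restrictions, followed by the implicit unlisted-recipient check that smtpd_reject_unlisted_recipient = yes applies after the list. The function, parameter and scenario names are assumptions, and only the three restrictions named in the message are modelled.

```python
# Simplified model (an assumption, not Postfix source code) of one RCPT TO
# evaluated against smtpd_recipient_restrictions. Entries other than the
# three named in the message are not modelled.
ORIGINAL = ["permit_sasl_authenticated", "permit_mynetworks",
            "reject_unlisted_recipient"]
PROPOSED = ["permit_sasl_authenticated", "reject_unlisted_recipient",
            "permit_mynetworks"]


def evaluate(restrictions, *, sasl, in_mynetworks, listed, implicit_check):
    """Return "permit" or "reject" for a single recipient.

    listed         -- recipient is present in relay_recipient_maps
    implicit_check -- value of smtpd_reject_unlisted_recipient
    """
    explicit_done = False
    for name in restrictions:
        if name == "permit_sasl_authenticated" and sasl:
            break  # a permit ends this list; later entries are skipped
        if name == "permit_mynetworks" and in_mynetworks:
            break
        if name == "reject_unlisted_recipient":
            explicit_done = True
            if not listed:
                return "reject"
    # The implicit check is applied after the list, so an earlier permit_*
    # does not exempt the client from it.
    if implicit_check and not explicit_done and not listed:
        return "reject"
    return "permit"


def scenarios():
    """Constructed cases: internal relay and SASL user, unknown recipient."""
    internal = dict(sasl=False, in_mynetworks=True, listed=False)
    sasl_user = dict(sasl=True, in_mynetworks=False, listed=False)
    return {
        "log_case": evaluate(ORIGINAL, implicit_check=True, **internal),
        "after_fix": evaluate(ORIGINAL, implicit_check=False, **internal),
        "proposed_sasl": evaluate(PROPOSED, implicit_check=False, **sasl_user),
        "proposed_internal": evaluate(PROPOSED, implicit_check=False, **internal),
    }


if __name__ == "__main__":
    for case, verdict in scenarios().items():
        print(f"{case:18} {verdict}")
```

With smtpd_reject_unlisted_recipient = no, the explicit reject_unlisted_recipient entry is the only unknown-recipient check left, so mail from any client permitted before it is accepted and bounced later instead of being refused at RCPT TO.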