Postfix - restrictions

Petr Stepanek

Nov 1, 2018
Hello,

could somebody explain to me what the purpose of this part of the main.cf.in file is?

Code:
smtpd_sender_restrictions =
        check_client_access     cidr:/etc/postfix/clientaccess
        check_recipient_access  regexp:/etc/postfix/rcptaccess

smtpd_recipient_restrictions =
[%- IF postfix.usepolicy %] check_sender_access  regexp:/etc/postfix/senderaccess[% END %]
[%- IF postfix.usepolicy %] check_client_access  cidr:/etc/postfix/clientaccess[% END %]

I thought that "check_client_access" is applicable only in "smtpd_client_restrictions", "check_sender_access" only in "smtpd_sender_restrictions" and "check_recipient_access" only in "smtpd_recipient_restrictions".

Thank you for the explanation.

Petr
 
I thought that "check_client_access" is applicable only in "smtpd_client_restrictions", "check_sender_access" only in "smtpd_sender_restrictions" and "check_recipient_access" only in "smtpd_recipient_restrictions".

Don't think so. Or do you have a real problem with the white/blacklist settings?
 
Don't think so. Or do you have a real problem with the white/blacklist settings?
No, I only wanted to understand it.

But I have a problem with "smtpd_helo_restrictions". I am still receiving "Helo command rejected: need fully-qualified hostname" even though I have my IP address in mynetworks. I thought that this configuration says that there are no helo checks for a client which is in "mynetworks".
Code:
smtpd_helo_restrictions =
        permit_mynetworks
        reject_non_fqdn_helo_hostname
        reject_invalid_helo_hostname
 
I don't think so. I need to skip the helo check for one server which will mail to my relay domains - a common external connection (TCP 25). I thought that if I use "permit_mynetworks" in the helo restrictions and this server has an IP address which is in "mynetworks", the next helo restrictions will be skipped.
 
The internal port is configured with (master.cf):

26 inet n - - - 99 smtpd
  -o content_filter=scan:127.0.0.1:10023
  -o smtpd_recipient_restrictions=permit_mynetworks,reject_unauth_destination
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=

So there should be no helo restriction at all. So I really think you connect to the wrong port.
 
You are right. If I used port 26 I would not have a problem, but it is not my server. It is a foreign server with a misconfigured helo header, so I am not able to force them to connect to port 26. I hoped that inserting the IP address of this server into mynetworks would resolve this issue.
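
Added example (not part of any post above, and not Proxmox or Postfix code): a small Python model of how Postfix walks its restriction lists, showing that a permit from permit_mynetworks ends only the list it appears in and that any check can be placed in any list. The networks, relay domain, addresses and the recipient list are constructed assumptions, and the helo and destination checks are simplified.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
RELAY_DOMAINS = {"example.org"}

# Every check sees the whole session (client, helo, recipient). With the
# default smtpd_delay_reject=yes the lists are evaluated at RCPT TO, which is
# why a client or recipient check may sit in a sender or helo list.
def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client"])
    return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_non_fqdn_helo_hostname(s):
    # Simplified: accept address literals and names containing a dot.
    helo = s["helo"]
    return "DUNNO" if helo.startswith("[") or "." in helo.strip(".") else "REJECT"

def reject_unauth_destination(s):
    # Simplified: only the constructed relay domain counts as authorized.
    domain = s["rcpt"].rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in RELAY_DOMAINS else "REJECT"

# Helo list as posted in the thread (minus reject_invalid_helo_hostname);
# the recipient list is an assumption chosen for this model.
LISTS = [
    ("smtpd_helo_restrictions", [permit_mynetworks, reject_non_fqdn_helo_hostname]),
    ("smtpd_recipient_restrictions", [reject_unauth_destination]),
]

def evaluate(session, lists=LISTS):
    """Return (verdict, list_name, restriction_name) for one RCPT TO."""
    for list_name, checks in lists:
        for check in checks:
            result = check(session)
            if result == "REJECT":
                return ("REJECT", list_name, check.__name__)
            if result == "OK":
                break  # permit ends this list only; later lists still run
    return ("ACCEPT", None, None)

if __name__ == "__main__":
    for client, helo, rcpt in [
        ("192.0.2.10", "mailhost", "user@example.org"),
        ("198.51.100.7", "mailhost", "user@example.org"),
        ("192.0.2.10", "mailhost", "user@elsewhere.test"),
    ]:
        print(client, helo, rcpt, evaluate({"client": client, "helo": helo, "rcpt": rcpt}))
```

On a live system, `postconf mynetworks smtpd_helo_restrictions` prints the values from main.cf; `-o` overrides in master.cf, such as those on the port 26 service above, take precedence for that service.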
 
