Postfix Check Order

koby

I would like to know if I can set the postfix check order,
because I need "check_recipient_access" to be checked
before all the blacklists.
Why? Because if I get mail to an unavailable address,
I do not want to check any further and want to have a "reject" status.

I did set the needed line as follows:
" check_recipient_access hash:/etc/postfix/rcpt_allow"
And I also set the map as needed, and it's working fine, but NOT according to the order I need.

Please advise
Best regards ,
Koby Peleg Hen
 
The checks on postfix level should be controlled by their order in the postfix main.cf - if you need to change that you need to use the templating system (and afterwards run `pmgconfig sync` and restart postfix):
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

However:
which blacklist are you referring to? - The rule-system only is reached if postfix does not reject a mail before - so this should not happen if the mail is rejected by postfix

please share some logs and the config
 
Hi all ,


Here is the log from an example of an arrived mail:
(note: the recipient does not exist on my server)

Code:
Apr  9 08:21:35 smg-lab01 postfix/postscreen[31763]: CONNECT from [134.73.134.134]:55390 to [95.217.215.74]:25
Apr  9 08:21:35 smg-lab01 postfix/dnsblog[31764]: addr 134.73.134.134 listed by domain ***.combined.mail.abusix.zone as 127.0.0.3
Apr  9 08:21:35 smg-lab01 postfix/dnsblog[31764]: addr 134.73.134.134 listed by domain ***.combined.mail.abusix.zone as 127.0.0.12
Apr  9 08:21:35 smg-lab01 postfix/dnsblog[31764]: addr 134.73.134.134 listed by domain ***.combined.mail.abusix.zone as 127.0.0.2
Apr  9 08:21:35 smg-lab01 postfix/dnsblog[31768]: addr 134.73.134.134 listed by domain ***.zen.dq.spamhaus.net as 127.0.0.3
Apr  9 08:21:41 smg-lab01 postfix/postscreen[31763]: DNSBL rank 2 for [134.73.134.134]:55390
Apr  9 08:21:42 smg-lab01 postfix/postscreen[31763]: NOQUEUE: reject: RCPT from [134.73.134.134]:55390: 550 5.7.1 Service unavailable; client [134.73.134.134] blocked using mail.abusix.zone; from=<cross@hardhike.cam>, to=<meir@mksoft.co.il>, proto=ESMTP, helo=<hardhike.cam>
Apr  9 08:21:42 smg-lab01 postfix/postscreen[31763]: DISCONNECT [134.73.134.134]:55390

Here are the relevant lines in main.cf

Code:
postscreen_access_list =
        permit_mynetworks,
        cidr:/etc/postfix/postscreen_access

smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        reject_non_fqdn_recipient
        check_recipient_access  regexp:/etc/postfix/rcptaccess
      
        check_recipient_access hash:/etc/postfix/rcpt_allow
       
        check_sender_access  regexp:/etc/postfix/senderaccess
        check_client_access  cidr:/etc/postfix/clientaccess check_policy_service inet:127.0.0.1:10022


postscreen_dnsbl_sites = ******
postscreen_dnsbl_threshold = 2

As you can see, my main.cf has a line which contains:

Code:
     check_recipient_access hash:/etc/postfix/rcpt_allow

which comes before the blacklist check.
But in the arrived mail example, you can see that it does check the blacklist even though the recipient (meir@mksoft.co.il)
does NOT exist on my server.

Please advise,
Koby Peleg Hen
 
Here is the Log from arrived mail example :
this mail was rejected and did arrive:
Code:
 NOQUEUE: reject: RCPT from [134.73.134.134]:55390: 550 5.7.1 Service unavailable; client [134.73.134.134] blocked using mail.abusix.zone; from=<cross@hardhike.cam>, to=<meir@mksoft.co.il>, proto=ESMTP, helo=<hardhike.cam>
it was rejected during the smtp-dialogue (because 134.73.134.134 was listed on mail.abusix.zone) and there was no need to check the recipient
 
Hello all,
Does anyone have any idea how I can reject mail because of a wrong address before
the smtp-dialogue occurs (before the blacklist check)?

Best Regards,
Koby Peleg Hen
 
Hello all,
Does anyone have any idea how I can reject mail because of a wrong address before
the smtp-dialogue occurs (before the blacklist check)?
Why would you want to reject a mail, before it gets rejected anyways?
(the RBL-checks in postscreen are rather early in PMG's configuration)

You can adapt the postfix config (e.g. `postscreen_access_list`)

I hope this helps!
 
Because I pay by the query.
Yesterday I had 220K !!! of junk and none of them were sent to any of my clients' right addresses.
This is why.

Best Regards,
Koby Peleg Hen
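
Added example (not part of the thread and not Proxmox or Postfix code): in the log quoted above, the `dnsblog` replies are stamped at CONNECT time, seconds before the `RCPT` line where the recipient address first appears, so the DNSBL lookups are already spent before any recipient map could be consulted. The script below measures this from a mail log in the same format; the sample log, the known-recipient list and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of the log lines quoted in the thread
# (documentation IP ranges and made-up names, not real traffic).
SAMPLE_LOG = """\
Apr  9 08:21:35 mx postfix/postscreen[100]: CONNECT from [192.0.2.10]:55390 to [198.51.100.5]:25
Apr  9 08:21:35 mx postfix/dnsblog[101]: addr 192.0.2.10 listed by domain key.dnsbl-a.example as 127.0.0.3
Apr  9 08:21:35 mx postfix/dnsblog[101]: addr 192.0.2.10 listed by domain key.dnsbl-a.example as 127.0.0.2
Apr  9 08:21:35 mx postfix/dnsblog[102]: addr 192.0.2.10 listed by domain key.dnsbl-b.example as 127.0.0.3
Apr  9 08:21:42 mx postfix/postscreen[100]: NOQUEUE: reject: RCPT from [192.0.2.10]:55390: 550 5.7.1 Service unavailable; client [192.0.2.10] blocked using dnsbl-a.example; from=<a@spam.example>, to=<nobody@example.org>, proto=ESMTP, helo=<spam.example>
Apr  9 08:22:01 mx postfix/dnsblog[103]: addr 192.0.2.20 listed by domain key.dnsbl-a.example as 127.0.0.2
Apr  9 08:22:01 mx postfix/dnsblog[104]: addr 192.0.2.20 listed by domain key.dnsbl-b.example as 127.0.0.3
Apr  9 08:22:08 mx postfix/postscreen[100]: NOQUEUE: reject: RCPT from [192.0.2.20]:40112: 550 5.7.1 Service unavailable; client [192.0.2.20] blocked using dnsbl-a.example; from=<b@spam.example>, to=<info@example.org>, proto=ESMTP, helo=<spam.example>
"""

DNSBL = re.compile(r"postfix/dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as ")
REJECT = re.compile(r"postfix/postscreen\[\d+\]: NOQUEUE: reject: RCPT from "
                    r"\[([^\]]+)\]:\d+: .*\bto=<([^>]*)>")

def summarize(log_text, known_rcpts):
    """Per client IP: DNSBL listings logged before its first RCPT reject,
    and whether the rejected recipient is in the known-recipient set."""
    known = {r.lower() for r in known_rcpts}
    hits = {}   # ip -> "listed" replies seen so far (dnsblog logs only listings,
                # so this is a lower bound on the lookups actually sent)
    out = {}
    for line in log_text.splitlines():
        m = DNSBL.search(line)
        if m:
            hits[m.group(1)] = hits.get(m.group(1), 0) + 1
            continue
        m = REJECT.search(line)
        if m and m.group(1) not in out:
            ip, rcpt = m.group(1), m.group(2).lower()
            out[ip] = {"rcpt": rcpt, "rcpt_known": rcpt in known,
                       "dnsbl_hits_before_rcpt": hits.get(ip, 0)}
    return out

def hits_for_unknown_rcpts(summary):
    """DNSBL listings returned for clients whose rejected recipient is unknown."""
    return sum(s["dnsbl_hits_before_rcpt"]
               for s in summary.values() if not s["rcpt_known"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, {"info@example.org"})
    for ip, row in report.items():
        print(ip, row)
    print("listings for unknown recipients:", hits_for_unknown_rcpts(report))
```
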