Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
postfix selective relay
- Thread starter datadan
- Start date
ericbrunson
Technical User
/etc/postfix/main
It should be obvious if you read the comments in the file.
It should be obvious if you read the comments in the file.
- Thread starter
- #3
ericbrunson,
Thank you for the reponse. I read through the mail.cf file and it was not readily apparent. Attached is my posfix config. Perhaps you can be more specific. We are not using the access.db, which is where I used to control this with sendmail.
I have recently taken ownership of a failrly large install and I need to be cautious about making changes. I have reviewed most files in the /etc/postifix directory and have not found anything that appears to allow me to allow/disallow relay traffic through the server with a specified IP address.
Thank you for any additional light you can shed on this issue.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.foo.com
local_recipient_maps =
alias_maps = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/usr/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
content_filter = smtp:[127.0.0.1]:10024
receive_override_options = no_address_mappings
biff = no
notify_classes = delay, protocol, resource, software
disable_vrfy_command = yes
smtpd_banner = $myhostname NO UCE ESMTP
message_size_limit = 20480000
smtpd_etrn_restrictions =
smtpd_history_flush_threshold = 100
smtpd_noop_commands =
smtpd_recipient_limit = 1000
smtpd_timeout = 300s
smtpd_error_sleep_time = 5
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 100
strict_rfc821_envelopes = no
mynetworks = 127.0.0.0/8
smtpd_helo_required = no
body_checks = regexp:/etc/postfix/maps/body_checks
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
# smtpd_recipient_restrictions = permit_mynetworks
# smtpd_recipient_restrictions = permit_mynetworks
# permit_sasl_authenticated
smtpd_recipient_restrictions = permit_sasl_authenticated
reject_unauth_destination
# check_sender_access hash:/etc/postfix/maps/disallow_my_domain
check_recipient_access hash:/etc/postfix/maps/spamtrap
reject_unauth_pipelining
reject_non_fqdn_sender
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/maps/mx_access
reject_multi_recipient_bounce
reject_non_fqdn_recipient
reject_unknown_recipient_domain
check_recipient_mx_access hash:/etc/postfix/maps/mx_access
check_sender_access hash:/etc/postfix/maps/frequently_forged_senders
check_client_access hash:/etc/postfix/maps/blocked_ips
permit
address_verify_map = hash:/etc/postfix/maps/verify
allow_untrusted_routing = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
transport_maps=mysql:/etc/postfix/maps/transport.cf
virtual_mailbox_maps=mysql:/etc/postfix/maps/mysql_virt.cf
virtual_uid_maps=mysql:/etc/postfix/maps/uids.cf
virtual_gid_maps=mysql:/etc/postfix/maps/gids.cf
virtual_mailbox_base=/
mydestination=$mydomain, $myhostname, $transport_maps
virtual_maps=mysql:/etc/postfix/maps/virtual.cf
maildrop_destination_recipient_limit = 1
smtpd_tls_cert_file = /etc/httpd/conf/ssl.crt/mail_foo_com.crt
smtpd_tls_key_file = /etc/httpd/conf/ssl.key/mail_foo_com.key
smtpd_tls_CAfile = /etc/httpd/conf/ssl.crt/ComodoSecurityServicesCA.crt
smtpd_use_tls = yes
smtpd_tls_session_cache_timeout = 3600s
aliases map
local_transport = local
unknown_local_recipient_reject_code = 450
html_directory = no
Thank you for the reponse. I read through the mail.cf file and it was not readily apparent. Attached is my posfix config. Perhaps you can be more specific. We are not using the access.db, which is where I used to control this with sendmail.
I have recently taken ownership of a failrly large install and I need to be cautious about making changes. I have reviewed most files in the /etc/postifix directory and have not found anything that appears to allow me to allow/disallow relay traffic through the server with a specified IP address.
Thank you for any additional light you can shed on this issue.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.foo.com
local_recipient_maps =
alias_maps = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/usr/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
content_filter = smtp:[127.0.0.1]:10024
receive_override_options = no_address_mappings
biff = no
notify_classes = delay, protocol, resource, software
disable_vrfy_command = yes
smtpd_banner = $myhostname NO UCE ESMTP
message_size_limit = 20480000
smtpd_etrn_restrictions =
smtpd_history_flush_threshold = 100
smtpd_noop_commands =
smtpd_recipient_limit = 1000
smtpd_timeout = 300s
smtpd_error_sleep_time = 5
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 100
strict_rfc821_envelopes = no
mynetworks = 127.0.0.0/8
smtpd_helo_required = no
body_checks = regexp:/etc/postfix/maps/body_checks
smtpd_client_restrictions =
smtpd_helo_restrictions =
smtpd_sender_restrictions =
# smtpd_recipient_restrictions = permit_mynetworks
# smtpd_recipient_restrictions = permit_mynetworks
# permit_sasl_authenticated
smtpd_recipient_restrictions = permit_sasl_authenticated
reject_unauth_destination
# check_sender_access hash:/etc/postfix/maps/disallow_my_domain
check_recipient_access hash:/etc/postfix/maps/spamtrap
reject_unauth_pipelining
reject_non_fqdn_sender
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/maps/mx_access
reject_multi_recipient_bounce
reject_non_fqdn_recipient
reject_unknown_recipient_domain
check_recipient_mx_access hash:/etc/postfix/maps/mx_access
check_sender_access hash:/etc/postfix/maps/frequently_forged_senders
check_client_access hash:/etc/postfix/maps/blocked_ips
permit
address_verify_map = hash:/etc/postfix/maps/verify
allow_untrusted_routing = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
transport_maps=mysql:/etc/postfix/maps/transport.cf
virtual_mailbox_maps=mysql:/etc/postfix/maps/mysql_virt.cf
virtual_uid_maps=mysql:/etc/postfix/maps/uids.cf
virtual_gid_maps=mysql:/etc/postfix/maps/gids.cf
virtual_mailbox_base=/
mydestination=$mydomain, $myhostname, $transport_maps
virtual_maps=mysql:/etc/postfix/maps/virtual.cf
maildrop_destination_recipient_limit = 1
smtpd_tls_cert_file = /etc/httpd/conf/ssl.crt/mail_foo_com.crt
smtpd_tls_key_file = /etc/httpd/conf/ssl.key/mail_foo_com.key
smtpd_tls_CAfile = /etc/httpd/conf/ssl.crt/ComodoSecurityServicesCA.crt
smtpd_use_tls = yes
smtpd_tls_session_cache_timeout = 3600s
aliases map
local_transport = local
unknown_local_recipient_reject_code = 450
html_directory = no
There should be heavily-commented sample configuration files that you can look at. I think most people use one and just modify it, hence the previous reply.
Set "mynetworks" to include the desired IP addresses. Barring any smtp_client_restrictions entry, I think that's all you need. mynetworks indicates a trusted network which is able to relay.
Set "mynetworks" to include the desired IP addresses. Barring any smtp_client_restrictions entry, I think that's all you need. mynetworks indicates a trusted network which is able to relay.
- Status
Similar threads
- Locked
- Question
- Locked
- Question