Linode Forum
https://forum.linode.com/

sender_access doesn't reject email address.
https://forum.linode.com/viewtopic.php?f=11&t=8010
Page 1 of 1

Author:  sblantipodi [ Mon Nov 07, 2011 7:23 am ]
Post subject:  sender_access doesn't reject email address.

Hi all,
as title.

I have configured sender_access to reject some email address and done all the commands described here:
http://www.cyberciti.biz/faq/howto-blac ... l-address/

but I continue to receive the email that I marked as REJECT

Why?

Thanks.

Author:  sblantipodi [ Tue Nov 08, 2011 2:39 pm ]
Post subject: 

bumping the question.

Author:  sblantipodi [ Sun Nov 13, 2011 9:37 am ]
Post subject: 

no one have idea?

Author:  skavoovie [ Tue Nov 15, 2011 11:07 pm ]
Post subject: 

Post your relevant portions of your main.cf (e.g. smtpd_receipient_restrictions, and other client restriction parameters configured), sample from your sender_access file, and log snippet from delivery not blocked.

Author:  sblantipodi [ Wed Nov 16, 2011 8:03 am ]
Post subject: 

skavoovie wrote:
Post your relevant portions of your main.cf (e.g. smtpd_receipient_restrictions, and other client restriction parameters configured), sample from your sender_access file, and log snippet from delivery not blocked.


main.cf
Code:
smtpd_delay_reject = yes
smtpd_helo_required = no
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    #reject_non_fqdn_helo_hostname,
    #reject_invalid_helo_hostname,
    permit
# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    #reject_non_fqdn_sender,
    #reject_unknown_sender_domain,
    permit
# Recipient restrictions:
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   #reject_unauth_pipelining,
   #reject_non_fqdn_recipient,
   #reject_unknown_recipient_domain,
   reject_unauth_destination,
   check_sender_access hash:/etc/postfix/sender_access,
   reject_rbl_client zen.spamhaus.org,
#   reject_rbl_client bl.spamcop.net,
#   check_policy_service unix:postgrey/socket,
   permit

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous


sender_access:
Code:
google.com                          OK
aesha9years@gmail.com               REJECT
lolylol88@gmail.com                 REJECT


Log does not log anything regarding the problem since the email is not blocked at all.
I added one of my email address to the sender_access REJECT and than tryed to send me the email from my external mail address to the one managed from my vps, the email is correctly delivered.

Author:  skavoovie [ Wed Nov 16, 2011 10:36 am ]
Post subject: 

Log excerpt.

Author:  Stever [ Wed Nov 16, 2011 10:56 am ]
Post subject: 

Have you run postmap after updating your sender_access file?
Code:
# postmap /etc/postfix/sender_access

Author:  sblantipodi [ Wed Nov 16, 2011 1:55 pm ]
Post subject: 

skavoovie wrote:
Log excerpt.


Code:
Nov 16 18:49:05 netstar postfix/smtpd[14846]: connect from "MY_IP_hided"
Nov 16 18:49:05 netstar postfix/smtpd[14846]: setting up TLS connection from "MY_IP_hided"
Nov 16 18:49:05 netstar postfix/smtpd[14846]: Anonymous TLS connection established from"MY_IP_hided": TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
Nov 16 18:49:06 netstar postfix/smtpd[14846]: 999078E004: client="MY_IP_hided", sasl_method=PLAIN, sasl_username=myusername
Nov 16 18:49:06 netstar postfix/cleanup[14854]: 999078E004: message-id=<4EC3F75C.5030104@gmail.com>
Nov 16 18:49:06 netstar postfix/qmgr[14837]: 999078E004: from=<email@gmail.com>, size=630, nrcpt=1 (queue active)
Nov 16 18:49:06 netstar postfix/local[14855]: 999078E004: to=<myvpsemail>, orig_to=<myvpsemail>, relay=local, delay=0.44, delays=0.42/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 16 18:49:06 netstar postfix/qmgr[14837]: 999078E004: removed
Nov 16 18:49:07 netstar postfix/smtpd[14846]: disconnect from "MY_IP_hided"


As you can see the email I sent from gmail to my vps is correctly delivered

Author:  sblantipodi [ Wed Nov 16, 2011 1:59 pm ]
Post subject: 

Stever wrote:
Have you run postmap after updating your sender_access file?
Code:
# postmap /etc/postfix/sender_access


sure and restarted postfix.

Author:  Stever [ Wed Nov 16, 2011 2:46 pm ]
Post subject: 

sblantipodi wrote:
Code:
Nov 16 18:49:06 netstar postfix/smtpd[14846]: 999078E004: client="MY_IP_hided", sasl_method=PLAIN, sasl_username=myusername


You have permit_sasl_authenticated before your check_sender_access in smtpd_recipient_restrictions, so if you are connecting with SASL the sender_access restrictions don't get checked.

Author:  sblantipodi [ Wed Nov 16, 2011 3:26 pm ]
Post subject: 

Stever wrote:
You have permit_sasl_authenticated before your check_sender_access in smtpd_recipient_restrictions, so if you are connecting with SASL the sender_access restrictions don't get checked.


you good, you got it ;)
many thanks :)

Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/