Dotaz: Postfix smtpd_recipient_restriction

31.5.2007 16:24 Standula
Postfix smtpd_recipient_restriction

Přečteno: 774×

Odpovědět | Admin

Ahoj,

porad mi neleze do hlavy proc pri konfifuraci Postfix + sasl vsichni davaji do omezeni smtpd_recipient_restrictions = permit_sasl_authenticated.

Podle me je to nesmysl a log postfixu me v tom jen utvrzuje. Priklad. Pokud postfix postu predava k doruceni nevidim zadny dovud, proc by mel byt adresat overovany proti lokali db uzivatelu => vzdy z toho vyjde ze je samozrejme nenalezen.

verbose postfix rika toto:

May 28 18:45:34 mailserver postfix/smtpd[20622]: rewrite_clnt: local: postmaster -> postmaster@posta.cz
Overeni klienta oproti db - v poradku
May 28 18:45:34 mailserver postfix/smtpd[20622]: >>> START Client host RESTRICTIONS <<<
May 28 18:45:34 mailserver postfix/smtpd[20622]: generic_checks: name=permit_sasl_authenticated
May 28 18:45:34 mailserver postfix/smtpd[20622]: generic_checks: name=permit_sasl_authenticated status=1

Nyni se overuje prijemce pres sasl ??
May 28 18:45:34 mailserver postfix/smtpd[20622]: >>> START Recipient address RESTRICTIONS <<<
May 28 18:45:34 mailserver postfix/smtpd[20622]: generic_checks: name=permit_sasl_authenticated
May 28 18:45:34 mailserver postfix/smtpd[20622]: generic_checks: name=permit_sasl_authenticated status=1
May 28 18:45:34 mailserver postfix/smtpd[20622]: >>> CHECKING RECIPIENT MAPS <<<
May 28 18:45:34 mailserver postfix/smtpd[20622]: ctable_locate: leave existing entry key email@prijemce.cz
May 28 18:45:34 mailserver postfix/smtpd[20622]: maps_find: recipient_canonical_maps: email@prijemce.cz: not found
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? posta.cz
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? localhost.posta.cz
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? localhost
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_list_match: prijemce.cz: no match
May 28 18:45:34 mailserver postfix/smtpd[20622]: maps_find: recipient_canonical_maps: @prijemce.cz: not found
May 28 18:45:34 mailserver postfix/smtpd[20622]: mail_addr_find: email@prijemce.cz -> (not found)
May 28 18:45:34 mailserver postfix/smtpd[20622]: maps_find: canonical_maps: email@prijemce.cz: not found
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? posta.cz
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? localhost.posta.cz
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? localhost
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_list_match: prijemce.cz: no match
May 28 18:45:34 mailserver postfix/smtpd[20622]: maps_find: canonical_maps: @prijemce.cz: not found
May 28 18:45:34 mailserver postfix/smtpd[20622]: mail_addr_find: email@prijemce.cz -> (not found)
May 28 18:45:34 mailserver postfix/smtpd[20622]: dict_mysql_get_active: attempting to connect to host 127.0.0.1
May 28 18:45:34 mailserver postfix/smtpd[20622]: dict_mysql: successful connection to host 127.0.0.1
May 28 18:45:34 mailserver postfix/smtpd[20622]: dict_mysql: successful query from host 127.0.0.1
May 28 18:45:34 mailserver postfix/smtpd[20622]: dict_mysql_lookup: retrieved 0 rows
May 28 18:45:34 mailserver postfix/smtpd[20622]: maps_find: virtual_alias_maps: email@prijemce.cz: not found
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? posta.cz
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? localhost.posta.cz
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_string: prijemce.cz ~? localhost
May 28 18:45:34 mailserver postfix/smtpd[20622]: match_list_match: prijemce.cz: no match
May 28 18:45:34 mailserver postfix/smtpd[20622]: dict_mysql_get_active: found active connection to host 127.0.0.1
May 28 18:45:34 mailserver postfix/smtpd[20622]: dict_mysql: successful query from host 127.0.0.1
May 28 18:45:34 mailserver postfix/smtpd[20622]: dict_mysql_lookup: retrieved 0 rows
May 28 18:45:34 mailserver postfix/smtpd[20622]: maps_find: virtual_alias_maps: @prijemce.cz: not found
May 28 18:45:34 mailserver postfix/smtpd[20622]: mail_addr_find: email@prijemce.cz -> (not found)
May 28 18:45:34 mailserver postfix/smtpd[20622]: smtpd_check_rewrite: trying: permit_inet_interfaces
May 28 18:45:34 mailserver postfix/smtpd[20622]: permit_inet_interfaces: unknown 192.168.1.102
May 28 18:45:34 mailserver postfix/smtpd[20622]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapp
May 28 18:45:34 mailserver postfix/smtpd[20622]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mappi
May 28 18:45:34 mailserver postfix/smtpd[20622]: connect to subsystem public/cleanup
May 28 18:45:34 mailserver postfix/smtpd[20622]: public/cleanup socket: wanted attribute: queue_id
May 28 18:45:34 mailserver postfix/smtpd[20622]: input attribute name: queue_id

At se divam do jakehokoli howto, ci se to snazim pochopit z knihy, nejak mi to nedochazi a kazdej to tam cpe :). Diky vsem :) a doufam ze to brzo pochopim

Nástroje: Začni sledovat (0) ?

Odpovědi

31.5.2007 16:49 pasmen | skóre: 45 | blog: glob | Praha
Rozbalit Rozbalit vše Re: Postfix smtpd_recipient_restriction

Neni to tak, ze overujes adresata, ale overujes odesilatele na urovni SMTP prikazu RCPT TO:

31.5.2007 17:06 Standula
Rozbalit Rozbalit vše Re: Postfix smtpd_recipient_restriction

v tom pripade by se melo jednat o omezeni *_sender_* nikoli *_recipient_* ? muj vyklad je mozna spatnej.. a postfix loguje to co loguje a to mi vrta hlavou.

31.5.2007 18:13 pasmen | skóre: 45 | blog: glob | Praha
Rozbalit Rozbalit vše Re: Postfix smtpd_recipient_restriction

Je tvoje vec, kdy budes pravidla uplatnovat. SMTP prikazy jdou v poradi EHLO/HELO hostname, MAIL FROM:, RCPT TO:, DATA. smtpd_client_restrictions odpovida urovni EHLO/HELO, smtpd_sender_rescrictions odpovida urovni MAIL FORM: atd. Vzdy musis aplikovat pravidla az kdyz znas relevantni udaje. Napr. nemuzes v smtpd_client_restrictions uvest check_recipient_access apod., protoze to na dane urovni SMTP transakce jeste neznas. Na druhou stranu, jakmile udaje znas, muzes je pouzit i v dalsich krocich.

31.5.2007 18:59 Standula
Rozbalit Rozbalit vše Re: Postfix smtpd_recipient_restriction

dobre tak jinak :) .. proc vsichni davaji do recipient_restrictions sasl authentikaci? kdyz tam postfix posle adresu prijemce coz vzdy vede k selhani overeni platnosti uctu?

31.5.2007 21:59 pasmen | skóre: 45 | blog: glob | Praha
Rozbalit Rozbalit vše Re: Postfix smtpd_recipient_restriction

Dobre tak stejne :-)

On neoveruje pres SASL adresu prijemce, ale to, co zadate v prikazu AUTH LOGIN popr. AUTH PLAIN. To, ze je permit_sasl_authenticated uvedeno v sekci smtpd_recipient_restrictions znamena jen to, ze to, zda SMTP server zpravu prijme v zavislosti na overeni, se vyhodnoti az po zadani RCPT TO: prikazu. Nic vic, nic min.

31.5.2007 19:10 Libor Klepac | skóre: 45 | Mýto
Rozbalit Rozbalit vše Re: Postfix smtpd_recipient_restriction

klienti overeni pres sasl mohou poslat email libovolnemu prijemci, ne jenom lokalnimu?

Urine should only be green if you're Mr. Spock.

Založit nové vlákno • Nahoru

Tiskni Sdílej: