Portál AbcLinuxu, 10. května 2025 11:12
smtpd_recipient_restrictions.
Vytvořím soubor /etc/postfix/recipient_blacklist:
email.address1@xxx.com REJECT email.address2@yyy.com REJECTProženu ho příkazem
postmap /etc/postfix/recipient_blacklista v
/etc/postfix/main.cf mám
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/recipient_blacklist
Server jsem samozřejmě restartoval.
Postfix však na adresy z blacklistu stále maily doručuje a rejecty ignoruje. Zkoušel jsem dát check_recipient_access i na začátek seznamu, bez výsledku. V mail logu není nikde žádná zmínka o rejectu nebo o nějaké chybě. Co může být špatně? Celý konfigurák přiládám níže. Jde o SUSE-11.3, Postfix 2.9.4 (s těmi starožitnými verzemi bohužel nic neudělám, je to instalace u zákazníka).
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = HOSTNAME
delay_warning_time = 1h
message_strip_characters = \0
inet_interfaces = localhost
masquerade_domains =.
mydestination = $myhostname, localhost.$mydomain
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = reject_unauth_destination
permit_mynetworks,
check_recipient_access hash:/etc/postfix/recipient_blacklist
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
disable_dns_lookups = yes
inet_interfaces = 127.0.0.1, IP
myhostname = MYHOSTNAME
relayhost = 127.0.0.1:10025
Řešení dotazu:
alias_maps = hash:/etc/aliases biff = no canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 defer_transports = delay_warning_time = 1h disable_dns_lookups = yes disable_mime_output_conversion = no html_directory = /usr/share/doc/packages/postfix-doc/html inet_interfaces = 127.0.0.1, IP inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 10240000 message_strip_characters = \0 mydestination = $myhostname, localhost.$mydomain myhostname = HOSTNAME mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES relayhost = 127.0.0.1:10025 relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix-doc/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = no smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = reject_unauth_destination, permit_mynetworks, check_recipient_access hash:/etc/postfix/recipient_blacklist smtpd_sasl_auth_enable = no smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtualRelevantní výpis z /var/log/mail:
Jul 30 07:44:36 sap09670 postfix/smtpd[8792]: connect from HOSTNAME[IP] Jul 30 07:44:38 sap09670 postfix/smtpd[8792]: 8DEC9642B2: client=HOSTNAME[IP] Jul 30 07:44:38 sap09670 postfix/cleanup[7772]: 8DEC9642B2: message-id=<20150730054438.8DEC9642B2@HOSTNAME> Jul 30 07:44:38 sap09670 postfix/smtpd[8792]: disconnect from HOSTNAME[IP] Jul 30 07:44:38 sap09670 postfix/qmgr[18580]: 8DEC9642B2: from=<muj@mail.com>, size=485, nrcpt=1 (queue active) Jul 30 07:44:38 sap09670 postfix/smtp[7744]: 8DEC9642B2: to=<muj@mail.com>, relay=localhost[127.0.0.1]:10025, delay=0.02, delays=0.02/0/0/0, dsn=2.0.0, status=sent (250 I got it darlin'.) Jul 30 07:44:38 sap09670 postfix/qmgr[18580]: 8DEC9642B2: removed
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_blacklist
permit_mynetworks,
reject_unauth_destination,
i tuto:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_blacklista chování je pořád stejné.
postmap -q se zda být nastavení v pořádku:
$ /usr/sbin/postmap -q muj@email.com hash:/etc/postfix/recipient_blacklist REJECTa pokud nastavím pouze
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_blacklist,
reject_unauth_destination
bez toho permit_mynetworks, pak by mail projít neměl ani ze stroje z mynetworks, ne? Bohužel i s touhle konfigurací maily pořád chodí...
/etc/init.d/postfix restarta veškeré výpisy (i ve
/var/log/mail) se tvářily, že restart proběhl úspěšně, ve skutečnosti jsem objevil visící proces /usr/lib/postfix/master. Po jeho zabití natvrdo a nastartování nového procesu už všechno funguje jak má 
.
Tiskni
Sdílej:
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.