sender_access doesn't reject email address.
as title.
I have configured sender_access to reject some email address and done all the commands described here:
but I continue to receive the email that I marked as REJECT
Why?
Thanks.
10 Replies
@skavoovie:
Post your relevant portions of your main.cf (e.g. smtpdreceipientrestrictions, and other client restriction parameters configured), sample from your sender_access file, and log snippet from delivery not blocked.
main.cf
smtpd_delay_reject = yes
smtpd_helo_required = no
smtpd_helo_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
#reject_non_fqdn_helo_hostname,
#reject_invalid_helo_hostname,
permit
# Sender restrictions:
smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
#reject_non_fqdn_sender,
#reject_unknown_sender_domain,
permit
# Recipient restrictions:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
#reject_unauth_pipelining,
#reject_non_fqdn_recipient,
#reject_unknown_recipient_domain,
reject_unauth_destination,
check_sender_access hash:/etc/postfix/sender_access,
reject_rbl_client zen.spamhaus.org,
# reject_rbl_client bl.spamcop.net,
# check_policy_service unix:postgrey/socket,
permit
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
sender_access:
google.com OK
aesha9years@gmail.com REJECT
lolylol88@gmail.com REJECT
Log does not log anything regarding the problem since the email is not blocked at all.
I added one of my email address to the sender_access REJECT and than tryed to send me the email from my external mail address to the one managed from my vps, the email is correctly delivered.
# postmap /etc/postfix/sender_access
@skavoovie:
Log excerpt.
Nov 16 18:49:05 netstar postfix/smtpd[14846]: connect from "MY_IP_hided"
Nov 16 18:49:05 netstar postfix/smtpd[14846]: setting up TLS connection from "MY_IP_hided"
Nov 16 18:49:05 netstar postfix/smtpd[14846]: Anonymous TLS connection established from"MY_IP_hided": TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
Nov 16 18:49:06 netstar postfix/smtpd[14846]: 999078E004: client="MY_IP_hided", sasl_method=PLAIN, sasl_username=myusername
Nov 16 18:49:06 netstar postfix/cleanup[14854]: 999078E004: message-id=<4EC3F75C.5030104@gmail.com>
Nov 16 18:49:06 netstar postfix/qmgr[14837]: 999078E004: from=<email@gmail.com>, size=630, nrcpt=1 (queue active)
Nov 16 18:49:06 netstar postfix/local[14855]: 999078E004: to=<myvpsemail>, orig_to=<myvpsemail>, relay=local, delay=0.44, delays=0.42/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Nov 16 18:49:06 netstar postfix/qmgr[14837]: 999078E004: removed
Nov 16 18:49:07 netstar postfix/smtpd[14846]: disconnect from "MY_IP_hided"</myvpsemail></myvpsemail></email@gmail.com>
As you can see the email I sent from gmail to my vps is correctly delivered
@Stever:
Have you run postmap after updating your sender_access file?
# postmap /etc/postfix/sender_access
sure and restarted postfix.
@sblantipodi:
Nov 16 18:49:06 netstar postfix/smtpd[14846]: 999078E004: client="MY_IP_hided", sasl_method=PLAIN, sasl_username=myusername
You have permitsaslauthenticated before your checksenderaccess in smtpdrecipientrestrictions, so if you are connecting with SASL the sender_access restrictions don't get checked.
@Stever:
You have permitsaslauthenticated before your checksenderaccess in smtpdrecipientrestrictions, so if you are connecting with SASL the sender_access restrictions don't get checked.
you good, you got it
many thanks