[opensuse] reject external mail to local address
I am receiving spam to a local address, "at@wahoo....", which is aliased to root and then to me. I would like to limit the receipt of mail to that address to only local mail, but do not know how. I have entered the address in access and header_checks as REJECT, but has no affect. -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Patrick Shanahan wrote:
I am receiving spam to a local address, "at@wahoo....", which is aliased to root and then to me. I would like to limit the receipt of mail to that address to only local mail, but do not know how.
I guess you mean "limit sending to these adresses to the local server or at least the local network.
I have entered the address in access and header_checks as REJECT, but has no affect.
Wrong tool. The easiest way would be to use a check_recipient_access behind the checks for trusted machines/users: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipients_internal_only .... /etc/postfix/recipients_internal_only: at@example.com 554 internal address only root@example.com 554 internal address only This will block these recipient addresses for all Clients not in your network (and who do not authenticate to your server). Change the order to match your needs. Dont forget to execute "postmap hash:/etc/postfix/recipients_internal_only" after you change the file. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [05-29-07 17:58]:
Wrong tool.
:^)_
The easiest way would be to use a check_recipient_access behind the checks for trusted machines/users:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipients_internal_only ....
added to main.cf (w/o the ... :^)
/etc/postfix/recipients_internal_only: at@example.com 554 internal address only root@example.com 554 internal address only
This will block these recipient addresses for all Clients not in your network (and who do not authenticate to your server). Change the order to match your needs.
made new file will appropriate contents
Dont forget to execute "postmap hash:/etc/postfix/recipients_internal_only" after you change the file.
did that 2 went to an off-site shell account and sent a test msg, and the message *was* delivered :^( Have I erred? tks, -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Patrick Shanahan wrote:
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [05-29-07 17:58]:
Dont forget to execute "postmap hash:/etc/postfix/recipients_internal_only" after you change the file.
did that 2
went to an off-site shell account and sent a test msg, and the message *was* delivered :^(
Have I erred?
Perhaps rcpostfix reload -- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Joe Morris (NTM) <Joe_Morris@ntm.org> [05-29-07 18:44]:
Perhaps rcpostfix reload
Thanks, but I did that before I sent the test. :^(\ -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-05-29 at 18:35 -0400, Patrick Shanahan wrote: ...
went to an off-site shell account and sent a test msg, and the message *was* delivered :^(
Have I erred?
Perhaps there is something interesting in the mail log. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGXK8wtTMYHG2NR9URAoGvAJ48gR2xLXTQfk2n2EBUmEJxN7UgTACgibH5 cOxZHu7kzbhjw7XNhVXsPTs= =IrSe -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Carlos E. R. <robin.listas@telefonica.net> [05-29-07 19:00]:
Perhaps there is something interesting in the mail log.
Yes, I was watching it as I tested :^). It reported that spamd passed the msg and postfix handed it off to procmail ... -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-05-29 at 19:19 -0400, Patrick Shanahan wrote:
Perhaps there is something interesting in the mail log.
Yes, I was watching it as I tested :^). It reported that spamd passed the msg and postfix handed it off to procmail ...
I'm tired, so what I'm about to say I haven't thought it out carefully ;-) - - You are using fetchmail, I think. Mail handled off from fetchmail to postfix is considered local or remote for the purpose of this new checks? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGXLaGtTMYHG2NR9URAnYpAJ4kXtcFrYZG6BQ5m8GbWSMCVFLnSwCeLiLd 9dr5md6CVRYdVWvDXEJzkKw= =nRfq -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Carlos E. R. <robin.listas@telefonica.net> [05-29-07 19:29]:
I'm tired, so what I'm about to say I haven't thought it out carefully ;-) - - You are using fetchmail, I think. Mail handled off from fetchmail to postfix is considered local or remote for the purpose of this new checks?
You may have something here. But, according to TFM: As each message is retrieved fetchmail normally delivers it via SMTP to port 25 on the machine it is running on (localhost), just as though it were being passed in over a normal TCP/IP link. fetchmail provides the SMTP server with an envelope recipient derived in the manner described previously. The mail will then be delivered locally via your system's MDA (Mail Delivery Agent, usually sendmail(8) but your system may use a different one such as smail, mmdf, exim, postfix, or qmail). All the delivery-control mechanisms (such as .forward files) normally available through your system MDA and local delivery agents will therefore work automatically. This leads me to believe that mail fetchmail handles is not the same as "local" mail. But I do not see enough in the man pages or know enough to see a next step ... tks, get some rest. -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [05-29-07 19:29]:
I'm tired, so what I'm about to say I haven't thought it out carefully ;-) - - You are using fetchmail, I think. Mail handled off from fetchmail to postfix is considered local or remote for the purpose of this new checks?
You may have something here. But, according to TFM:
As each message is retrieved fetchmail normally delivers it via SMTP to port 25 on the machine it is running on (localhost), just as though
Uh, you might want to stop right here with rejecting mails that came in via fetchmail! The recipe that I gave you will only work when the mail is sent directly to your server, not for mails polled with fetchmail. In that case the mail has already been accepted for you (by the provider in your order). Any reject after that will only bounce the mail, not reject it. Additionally, fetchmail uses localhost, so it will probably be in $mynetworks as a trusted host, so the recipe will not work as desired anyway. To make it short: you can only discard (dangerous!) or tag the mails when you work with fetchmail. :-( -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [05-30-07 05:47]: [...]
To make it short: you can only discard (dangerous!) or tag the mails when you work with fetchmail. :-(
tks, -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [05-30-07 05:47]:
Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [05-29-07 19:29]:
I'm tired, so what I'm about to say I haven't thought it out carefully ;-) - - You are using fetchmail, I think. Mail handled off from fetchmail to postfix is considered local or remote for the purpose of this new checks?
You may have something here. But, according to TFM:
As each message is retrieved fetchmail normally delivers it via SMTP to port 25 on the machine it is running on (localhost), just as though
Uh, you might want to stop right here with rejecting mails that came in via fetchmail!
The recipe that I gave you will only work when the mail is sent directly to your server, not for mails polled with fetchmail. In that case the mail has already been accepted for you (by the provider in your order).
Any reject after that will only bounce the mail, not reject it.
Additionally, fetchmail uses localhost, so it will probably be in $mynetworks as a trusted host, so the recipe will not work as desired anyway.
To make it short: you can only discard (dangerous!) or tag the mails when you work with fetchmail. :-(
Guess I went brain dead at this point. I do use fetchmail, but only for non-local/hosted accounts such as gmail. For my local domain, wahoo.no-ip.org, I received mail via postfix only. And from my logs the suggest changes to /etc/postfix/recipients_internal_only: at@example.com 554 internal address only root@example.com 554 internal address only and /etc/postfix/main.cf, inclusion of above under smtpd_recipient_restrictions have had the desired effect.... thankyou much, -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Patrick Shanahan wrote:
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [05-30-07 05:47]:
The recipe that I gave you will only work when the mail is sent directly to your server, not for mails polled with fetchmail. In that case the mail has already been accepted for you (by the provider in your order).
Any reject after that will only bounce the mail, not reject it.
Additionally, fetchmail uses localhost, so it will probably be in $mynetworks as a trusted host, so the recipe will not work as desired anyway.
To make it short: you can only discard (dangerous!) or tag the mails when you work with fetchmail. :-(
Guess I went brain dead at this point. I do use fetchmail, but only
Well, the scientists will be glad. Finally the question is solved how long it takes a dead man to rise up again. (^-^)
for non-local/hosted accounts such as gmail. For my local domain, wahoo.no-ip.org, I received mail via postfix only.
And from my logs the suggest changes to /etc/postfix/recipients_internal_only: at@example.com 554 internal address only root@example.com 554 internal address only
and /etc/postfix/main.cf, inclusion of above under smtpd_recipient_restrictions
To be exact, it should be added after reject_unauth_destination. the explicit version is "check_recipient_access hash:/etc/postfix/recipients_internal_only". Check_recipient_access is automatically assumed if the file was added to smtpd_recipient_restrictions. smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipients_internal_only -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [06-25-07 08:26]:
To be exact, it should be added after reject_unauth_destination. the explicit version is "check_recipient_access hash:/etc/postfix/recipients_internal_only". Check_recipient_access is automatically assumed if the file was added to smtpd_recipient_restrictions.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipients_internal_only
Yes, and this works *until* I run SuSEconfig and then main.cf goes back to the previous version. What do I have to do to make the change stick? thanks, -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Patrick Shanahan wrote:
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [06-25-07 08:26]:
To be exact, it should be added after reject_unauth_destination. the explicit version is "check_recipient_access hash:/etc/postfix/recipients_internal_only". Check_recipient_access is automatically assumed if the file was added to smtpd_recipient_restrictions.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipients_internal_only
Yes, and this works *until* I run SuSEconfig and then main.cf goes back to the previous version. What do I have to do to make the change stick?
File a bugreport for that behaviour. (^-^) Yast should detect automatically that the md5sum of main.cf has changed and keep away from doing any further changes. Another way is to tell Yast not to configure Postfix. Try to set MAIL_CREATE_CONFIG="no" in /etc/sysconfig/mail. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [06-26-07 19:05]:
File a bugreport for that behaviour. (^-^)
I will do that
Yast should detect automatically that the md5sum of main.cf has changed and keep away from doing any further changes. Another way is to tell Yast not to configure Postfix.
It will and gives a warning and it skips main.cf , but deleting the md5sum should allow it to proceed and include main.cf
Try to set MAIL_CREATE_CONFIG="no" in /etc/sysconfig/mail.
this works, but now main.cf is not checked, no md5sum is generated. -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Patrick Shanahan <ptilopteri@gmail.com> [06-26-07 19:32]:
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [06-26-07 19:05]:
File a bugreport for that behaviour. (^-^)
I will do that
Bug #287746 -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Patrick Shanahan wrote:
* Sandy Drobic <suse-linux-e@japantest.homelinux.com> [06-26-07 19:05]:
File a bugreport for that behaviour. (^-^)
I will do that
Yast should detect automatically that the md5sum of main.cf has changed and keep away from doing any further changes. Another way is to tell Yast not to configure Postfix.
It will and gives a warning and it skips main.cf , but deleting the md5sum should allow it to proceed and include main.cf
That is okay, as long as SuSEConfig does not touch main.cf or master.cf anymore.
Try to set MAIL_CREATE_CONFIG="no" in /etc/sysconfig/mail.
this works, but now main.cf is not checked, no md5sum is generated.
Fine with me. (^-^) -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2007-05-29 at 17:42 -0400, Patrick Shanahan wrote:
I am receiving spam to a local address, "at@wahoo....", which is aliased to root and then to me. I would like to limit the receipt of mail to that address to only local mail, but do not know how.
I have entered the address in access and header_checks as REJECT, but has no affect.
I set this up many moons ago so I don't remember where I got the info from. Perhaps webmin had info on it. I have a file in /etc/postfix called incoming_access that has entries like the following: root@ permit_mynetworks,reject mailer-daemon@ permit_mynetworks,reject virusalert@ permit_mynetworks,reject administrator@ permit_mynetworks,reject daemon@ permit_mynetworks,reject lp@ permit_mynetworks,reject news@ permit_mynetworks,reject uucp@ permit_mynetworks,reject There are many more entries. In main.cf I have an entry as follows (all on one line): smtpd_recipient_restrictions = hash:/etc/postfix/incoming_access,permit_mynetworks,reject_unauth_destination Some of the entries I know are not kosher, especially the one for mailer-daemon, but I no longer get mail for root or any others in the list unless it comes from my local domain. You'll need to run postmap /etc/postfix/incoming_access and restart postfix for this to work. Hope this helps. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
Carlos E. R. -
Joe Morris (NTM) -
Kenneth Schneider -
Patrick Shanahan -
Sandy Drobic