Hallo Andreas,
-----Ursprüngliche Nachricht----- Von: Andreas Feile [mailto:lists@feile.net] Gesendet: Dienstag, 27. April 2004 09:30 An: suse-linux@suse.com Betreff: Postfix - Relaying denied
Hallo Liste.
In folgender Frage mit Postfix komme ich nicht weiter:
Habe hier ein Class-C-Netzwerk, in dem ein postfix läuft. Alle Clients dürfen ihre Mails dort abladen, und postfix transportiert sie auch, egal ob intern oder extern. So weit, so gut.
[...]
Kann mir jemand auf die Sprünge helfen?
such mal in der main.cf nach: smtpd_recipient_restrictions Ich zitier hierzu mal aus der Webmin-Hilfe zu diesem Parameter: This parameter specifies restrictions on recipient addresses that SMTP clients can send in RCPT TO commands. By default, Postfix relays mail: * from trusted clients whose IP address matches $mynetworks, * from trusted clients matching $relay_domains or subdomains thereof, * from untrusted clients to destinations that match $relay_domains or subdomains thereof, except addresses with sender-specified routing. The default relay_domains value is $mydestination. In addition to the above, the Postfix SMTP server by default accepts mail that Postfix is final destination for: * destinations that match $inet_interfaces, * destinations that match $mydestination, * destinations that match $virtual_maps. These destinations do not need to be listed in $relay_domains. The following restrictions are available (* is part of default setting): * *permit_mynetworks: permit if the client address matches $mynetworks. * reject_unknown_client: reject the request if the client hostname is unknown. * reject_maps_rbl: reject if the client is listed under $maps_rbl_domains. * reject_invalid_hostname: reject HELO hostname with bad syntax. * reject_unknown_hostname: reject HELO hostname without DNS A or MX record. * reject_unknown_sender_domain: reject sender domain without A or MX record. * *check_relay_domains: permit only mail: o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps, o from trusted clients matching $relay_domains or subdomain thereof, o from untrusted clients to destinations matching $relay_domains or subdomain thereof (except addresses with sender-specified routing). Reject anything else. * permit_auth_destination: permit mail: o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps, o to destinations matching $relay_domains or subdomain thereof, except for addresses with sender-specified routing. * reject_unauth_destination: reject mail unless it is sent o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps, o to destinations matching $relay_domains or subdomain thereof, except for addresses with sender-specified routing. * reject_unauth_pipelining: reject mail from improperly pipelining spamware * permit_mx_backup: accept mail for sites that list me as MX host. * reject_unknown_recipient_domain: reject domains without A or MX record. * check_recipient_access maptype:mapname: look up recipient address, parent domain, or localpart@. Reject if result is REJECT or "[45]xx text". Permit otherwise. * check_client_access maptype:mapname: see smtpd_client_restrictions. * check_helo_access maptype:mapname: see smtpd_helo_restrictions. * check_sender_access maptype:mapname: see smtpd_sender_restrictions. * reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form. * reject_non_fqdn_sender: reject sender address that is not in FQDN form. * reject_non_fqdn_recipient: reject recipient address that is not in FQDN form. * reject: reject the request. Place this at the end of a restriction. * permit: permit the request. Place this at the end of a restriction. Restrictions are applied in the order as specified; the first restriction that matches wins. Specify a list of restrictions, separated by commas and/or whitespace. Continue long lines by starting the next line with whitespace. NOTE: YOU MUST SPECIFY AT LEAST ONE OF THE FOLLOWING RESTRICTIONS OTHERWISE POSTFIX REFUSES TO RECEIVE MAIL: reject, check_relay_domains, reject_unauth_destination Ich hoffe das hilft Dir erst mal weiter, sonst fällt mir noch ein, daß man das Ganze vielleicht auch mit smtp-auth realisieren könnte, oder? -Peter