check_client_access setup
Morten Winther
2003-09-28 14:21:35 UTC
Hello,

I have some problems getting check_client_access to work.

I now have this in my main.cf:

smtpd_client_restrictions = check_client_access
    mysql:/usr/local/etc/postfix/sql-access.cf,
    reject_rbl_client dev.null.dk,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    permit_mynetworks

I've checked the mysql log:

88 Query select id from smtp_allow where ip = 'port553.ds1-vby.adsl.cybercity.dk'
88 Query select id from smtp_allow where ip = 'ds1-vby.adsl.cybercity.dk'
88 Query select id from smtp_allow where ip = 'adsl.cybercity.dk'
88 Query select id from smtp_allow where ip = 'cybercity.dk'
88 Query select id from smtp_allow where ip = 'dk'
88 Query select id from smtp_allow where ip = '217.157.161.246'

The output of "select id from smtp_allow where ip = '217.157.161.246'"
is "OK".

I'm still not able to send mail from 217.157.161.246:

Out: 220 aphrodite.o0o.dk ESMTP Postfix
In: mail from: ***@mymail.dk
Out: 250 Ok
In: rcpt to: ***@othermail.dk
Out: 554 <***@othermail.dk>: Relay access denied
In: QUIT
Out: 221 Bye

What to do now? Have read the docs. If I missed something please direct
me to the right place.


Best regards

Morten


# postconf -n
alias_maps = mysql:/usr/local/etc/postfix/sql-local_alias.cf
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
local_recipient_maps = $alias_maps unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 51200000
mime_header_checks = pcre:/usr/local/etc/postfix_mimeheaders
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
notify_classes = bounce, delay, resource, software, policy, protocol
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_client_restrictions = check_client_access
    mysql:/usr/local/etc/postfix/sql-access.cf,
    reject_rbl_client dev.null.dk,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    permit_mynetworks
smtpd_recipient_limit = 51200000
transport_maps = mysql:/usr/local/etc/postfix/sql-transport.cf
unknown_local_recipient_reject_code = 450
virtual_alias_domains = mysql:/usr/local/etc/postfix/sql-virtual_alias_domain.cf
virtual_alias_maps = mysql:/usr/local/etc/postfix/sql-virtual_alias.cf
virtual_gid_maps = static:1002
virtual_mailbox_base = /usr/virmail
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/sql-virtual_mailbox_domain.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/sql-virtual_mailbox.cf
virtual_uid_maps = static:1002
Wietse Venema
2003-09-28 14:25:22 UTC
Post by Morten Winther
Hello,
I have some problems getting check_client_access to work.
smtpd_client_restrictions = check_client_access
    mysql:/usr/local/etc/postfix/sql-access.cf,
    reject_rbl_client dev.null.dk,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl,
    permit_mynetworks
88 Query select id from smtp_allow where ip = 'port553.ds1-vby.adsl.cybercity.dk'
88 Query select id from smtp_allow where ip = 'ds1-vby.adsl.cybercity.dk'
88 Query select id from smtp_allow where ip = 'adsl.cybercity.dk'
88 Query select id from smtp_allow where ip = 'cybercity.dk'
88 Query select id from smtp_allow where ip = 'dk'
88 Query select id from smtp_allow where ip = '217.157.161.246'
The output of "select id from smtp_allow where ip = '217.157.161.246'"
is "OK".
Out: 220 aphrodite.o0o.dk ESMTP Postfix
Out: 250 Ok
In: QUIT
Out: 221 Bye
What to do now? Have read the docs. If I missed something please direct
me to the right place.
Start with the DEFAULT main.cf file.

Then make changes ONE AT A TIME. Test Postfix AFTER EACH CHANGE.

Wietse
Morten Winther
2003-09-28 14:31:52 UTC
Post by Wietse Venema
Post by Morten Winther
What to do now? Have read the docs. If I missed something please direct
me to the right place.
Start with the DEFAULT main.cf file.
Then make changes ONE AT A TIME. Test Postfix AFTER EACH CHANGE.
Wietse
Thanks for the fast answer.

I already had a perfect working postfix setup. Just wanted a
web-before-smtp service.

The check_client_access was the only line I added. So it was "one at a time".

But I think it is working now. I just added check_client_access to
smtpd_recipient_restrictions as well.

Seems to work, so if no one has anything bad to say about this setup it's
fine.

smtpd_client_restrictions = permit_mynetworks,
    check_client_access
    mysql:/usr/local/etc/postfix/sql-access.cf,
    reject_rbl_client dev.null.dk,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl

smtpd_recipient_restrictions = permit_mynetworks,
    check_client_access
    mysql:/usr/local/etc/postfix/sql-access.cf,
    reject_unauth_destination

/ morten
Wietse Venema
2003-09-28 15:05:12 UTC
Post by Morten Winther
Post by Wietse Venema
Post by Morten Winther
What to do now? Have read the docs. If I missed something please direct
me to the right place.
Start with the DEFAULT main.cf file.
Then make changes ONE AT A TIME. Test Postfix AFTER EACH CHANGE.
Wietse
Thanks for the fast answer.
I already had a perfect working postfix setup. Just wanted a
web-before-smtp service.
The check_client_access was the only line I added. So it was "one at a time".
check_client_access does not control mail RELAYING permissions.

You have the same mail RELAYING permission problem without changing
check_client_access.
Post by Morten Winther
But I think it is working now. I just added check_client_access to
smtpd_recipient_restrictions as well.
Seems to work, so if no one has anything bad to say about this setup it's
fine.
smtpd_client_restrictions = permit_mynetworks,
    check_client_access
    mysql:/usr/local/etc/postfix/sql-access.cf,
    reject_rbl_client dev.null.dk,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.easynet.nl
smtpd_recipient_restrictions = permit_mynetworks,
    check_client_access
    mysql:/usr/local/etc/postfix/sql-access.cf,
    reject_unauth_destination
As long as the access list is based on network addresses this can be
relatively safe.

Wietse
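
Added illustration, not posted by anyone in the thread: a small Python model of why an "OK" from check_client_access in smtpd_client_restrictions still ended in "Relay access denied", and why adding the same lookup to smtpd_recipient_restrictions changed the outcome. It assumes the recipient list missing from the postconf -n output was the Postfix default of that era (permit_mynetworks, reject_unauth_destination); the table rows, mynetworks value, local domain and all function names are constructed or hypothetical, and the RBL lookups are left out.

```python
import ipaddress

SMTP_ALLOW = {"217.157.161.246": "OK"}   # constructed rows of the smtp_allow table
MYNETWORKS = ["127.0.0.0/8"]             # assumed effect of mynetworks_style = host
LOCAL_DOMAINS = {"example.dk"}           # placeholder for the domains hosted here

def lookup_keys(host, ip):
    """Keys check_client_access tries, in the order shown in the MySQL log."""
    labels = host.split(".") if host else []
    return [".".join(labels[i:]) for i in range(len(labels))] + [ip]

def evaluate(restrictions, host, ip, rcpt_domain):
    """First decisive result of one restriction list, or DUNNO if none."""
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in MYNETWORKS):
                return "OK"
        elif name == "check_client_access":
            for key in lookup_keys(host, ip):
                if key in SMTP_ALLOW:
                    return SMTP_ALLOW[key]
        elif name == "reject_unauth_destination":
            if rcpt_domain not in LOCAL_DOMAINS:
                return "554 Relay access denied"
    return "DUNNO"

def rcpt_to(client_list, recipient_list, host, ip, rcpt_domain):
    """Each list is evaluated on its own; OK in one does not skip the next."""
    for restrictions in (client_list, recipient_list):
        if evaluate(restrictions, host, ip, rcpt_domain).startswith("554"):
            return "554 Relay access denied"
    return "250 Ok"

def hostname_keys(table):
    """Table keys that are names (matched via reverse DNS), not addresses."""
    names = []
    for key in table:
        try:
            ipaddress.ip_address(key)
        except ValueError:
            names.append(key)
    return names

HOST, IP = "port553.ds1-vby.adsl.cybercity.dk", "217.157.161.246"
FIRST_CLIENT = ["check_client_access", "permit_mynetworks"]   # RBL lookups left out
DEFAULT_RCPT = ["permit_mynetworks", "reject_unauth_destination"]
FIXED_RCPT = ["permit_mynetworks", "check_client_access", "reject_unauth_destination"]
print(rcpt_to(FIRST_CLIENT, DEFAULT_RCPT, HOST, IP, "othermail.dk"))
print(rcpt_to(FIRST_CLIENT, FIXED_RCPT, HOST, IP, "othermail.dk"))
```

hostname_keys is an audit helper for the caveat in the last reply: any row it returns is matched against the client's reverse-DNS name rather than its network address.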
