smtpd_mumble_restrictions puzzle, postmaster is special?
This is a discussion on smtpd_mumble_restrictions puzzle, postmaster is special? within the alt.comp.mail.postfix forums, part of the Mail Servers and Related category; In /etc/postfix/main.cf we have: smtpd_client_restrictions = permit_mynetworks check_client_access cidr:/etc/postfix/client-cidr-p check_client_access hash:/etc/postfix/...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-07-2007
|
|||
|
|||
smtpd_mumble_restrictions puzzle, postmaster is special?
In /etc/postfix/main.cf we have: smtpd_client_restrictions = permit_mynetworks check_client_access cidr:/etc/postfix/client-cidr-p check_client_access hash:/etc/postfix/botland-p check_client_access pcre:/etc/postfix/client-pcre-p reject_rbl_client zen.spamhaus.org ... smtpd_recipient_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/access check_recipient_access hash:/etc/postfix/recipients ... alias_maps = hash:/etc/postfix/aliases virtual_alias_maps = hash:/etc/postfix/virtual There are no restriction_classes. In /etc/postfix/client-pcre-p we have: ... /^[267][0-9\-]{7,15}\.dhcp\..{7}\.charter\.com$/i REJECT charter.com dhcp -p RE ... and the command postmap -q '68-118-235-9.dhcp.oxfr.ma.charter.com' pcre:client-pcre-p says REJECT charter.com dhcp -p RE with an exit status of zero. And, if we grep charter.com in /var/log/mail.log, we find zillions of these: Jul 7 11:13:41 rachel postfix/smtpd[25068]: NOQUEUE: reject: RCPT from 71-8-118-236.dhcp.ftwo.tx.charter.com[71.8.118.236]: 554 5.7.1 <71-8-118-236.dhcp.ftwo.tx.charter.com[71.8.118.236]>: Client host rejected: charter.com dhcp -p RE; from=<[redacted]> to=<[redacted]> proto=SMTP helo=<76.16.157.68> And all of that is Postfix behaving exactly as documented. So far so good, and it's my favorite MTA. The notify_classes variable isn't mentioned in main.cf; this is the default. $ /usr/sbin/postconf | grep notify notify_classes = resource, software But, messages from clients whose hostnames match that RE get through to postmaster@$mydomain and abuse@$mydomain. In fact, the hostname in that postmap command example got through this morning. The only mentions of abuse@$mydomain are in /etc/postfix/recipients: abuse@example.net OK and in aliases: abuse: postmaster and in virtual: abuse@example.com abuse (There's one of those for each virtual domain. Actual domains redacted but you can guess.) Postmaster is aliased to me in postfix/aliases, and it's got a virtual alias for each virtual domain too. I *will* use restriction classes to put weaker filtering on postmaster and abuse, respecting the intent of RFC2142, but not until I figure this out. What's going on here? How is the client-pcre-p client restriction being overridden? Is postmaster special? This is Postfix-2.3.8 as packaged in Debian-4.0 with, obviously, the PCRE option installed. Cameron 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 02:41 PM.
