How do I stop a local mail user from accessing the SMTP queue? I set Postfix = n in the database and IMAP / POP checked but they still have access? True newbie here, Ray
A little more info: I have Roundcube installed with ISPconfig3 with a sign-up interface for new users. Well, the folks with US$20,000,000 dollars from Nigeria showed up and went nuts... I have all the fun stuff on the spam side installed but a valid user... Well there are some holes I need to plug.

With ISPconfig3, I set the offender to Postfix no, IMAP & POP checked. In the database, Postfix=n, access=n, disableimap=1, disablepop3=1

These users can still send mail.

In postconf -n:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = amavis:[127.0.0.1]:10024
    disable_vrfy_command = yes
    header_checks = regexp:/etc/postfix/header_checks
    home_mailbox = Maildir/
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    inet_protocols = all
    invalid_hostname_reject_code = 554
    mailbox_command = /usr/bin/maildrop
    mailbox_size_limit = 50485760
    message_size_limit = 10000000
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    multi_recipient_bounce_reject_code = 554
    mydestination = mail.mymail.com, localhost, localhost.localdomain
    myhostname = mail.t-mail.com
    mynetworks = 127.0.0.0/8
    myorigin = /etc/mailname
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    non_fqdn_reject_code = 554
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    readme_directory = /usr/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = +
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_domains_reject_code = 554
    relayhost =
    smtp_destination_recipient_limit = 25
    smtp_tls_note_starttls_offer = yes
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_use_tls = yes
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf,
    smtpd_error_sleep_time = 5s
    smtpd_hard_error_limit = 20
    smtpd_helo_required = yes
    smtpd_recipient_limit = 5
    smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining,permit_sasl_authenticated,reject_unauth_destination,reject_rbl_client multi.uribl.com,reject_rbl_client zen.spamhaus.org,reject_rbl_client dnsbl.njabl.org,reject_rbl_client whois.rfc-ignorant.org,reject_rbl_client combined.rbl.msrbl.net,check_policy_service inet:127.0.0.1:60000,reject_rhsbl_sender dsn.rfc-ignorant.org,permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_ban.cf
    smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
    smtpd_soft_error_limit = 10
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_auth_only = no
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    strict_rfc821_envelopes = yes
    tls_random_source = dev:/dev/urandom
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_local_recipient_reject_code = 554
    unknown_relay_recipient_reject_code = 554
    unknown_virtual_alias_reject_code = 554
    unknown_virtual_mailbox_reject_code = 554
    unverified_recipient_reject_code = 554
    unverified_sender_reject_code = 554
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_gid_maps = static:5000
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_transport = maildrop
    virtual_uid_maps = static:5000

and /etc/postfix/mysql-virtual_sender_ban.cf

    user = XXXXXX
    password = XXXXXX
    dbname = dbispconfig
    table = mail_user
    select_field = email
    where_field = email
    additional_conditions = and postfix ='n'
    hosts = 127.0.0.1

Thanks for your help.
Ray
Roundcube webmail linked to ISPconfig. Roundcube login depends on IMAP. With IMAP disabled through ISPconfig, the user authenticates OK but then the session disconnects.

    telnet mymail.com 143
    Trying 10.10.10.10...
    Connected to mymail.com.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.
    . login [email protected] XXXXXX
    . OK LOGIN Ok.
    * BYE IMAP access disabled for this account.
    Connection closed by foreign host.

User is in though and can send e-mail. If disableimap stopped OK login, then user would not authenticate. Does this make sense?

Something like the following in postfix/main.cf would block sending mail I think:

    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access mysql:/etc/postfix/mysql-virtual_sender_ban.cf

where mysql:/etc/postfix/mysql-virtual_sender.cf blocks blacklisted spamfilters from ISPconfig and /etc/postfix/mysql-virtual_sender_ban.cf contains:

    user = XXXXX
    password = XXXXX
    dbname = dbispconfig
    table = mail_user
    select_field = email
    where_field = email
    additional_conditions = and (postfix ='n' OR disableimap ='1')
    hosts = 127.0.0.1

Should this block an ISPconfig user from sending? Does it make sense?

I will investigate Roundcube and try to find out why the user is allowed access but from a pure ISPconfig point, is there a way to shut them out so setting postfix ='n' or disableimap='1' results in:

    telnet mymail.com 143
    Trying 10.10.10.10...
    Connected to mymail.com.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.
    . login [email protected] XXXXXX
    . NO Login failed.
    * BYE IMAP access disabled for this account.
    Connection closed by foreign host.

Thanks again for your patience and for not jumping all over me for my ignorance. I have found these forums very useful and appreciate your willingness to help us, the dimmer bulbs in the chandelier.
Ray
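An added example, not part of the original posts: a small Python check that reports how a given map file is referenced in `postconf -n` output, run on the two sender settings as posted and on the `smtpd_sender_restrictions` line proposed above. The function and constant names are made up for this illustration; the check rests on the fact that a map can only produce a reject when a `check_*_access` restriction consults it as an access(5) table.

```python
import re

# Constructed input: the two sender-related settings as posted in the thread's
# `postconf -n` output, and the smtpd_sender_restrictions line proposed later.
BAN_MAP = "/etc/postfix/mysql-virtual_sender_ban.cf"
POSTED = """\
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual_sender_ban.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
"""
PROPOSED = """\
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access mysql:/etc/postfix/mysql-virtual_sender_ban.cf
"""

def parse_postconf(text):
    """Return {parameter: [tokens]}; Postfix lists split on commas and/or whitespace."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = [t for t in re.split(r"[,\s]+", value) if t]
    return conf

def map_roles(conf, map_file):
    """List (parameter, role) for each reference to map_file.

    role is 'access' when the map is the argument of a check_*_access
    restriction, otherwise 'lookup' (read for data, never for an action).
    """
    roles = []
    for name, tokens in conf.items():
        for i, tok in enumerate(tokens):
            if tok.split(":")[-1] != map_file:  # strip "mysql:" / "proxy:mysql:"
                continue
            prev = tokens[i - 1] if i else ""
            is_access = name.endswith("_restrictions") and re.fullmatch(r"check_\w+_access", prev)
            roles.append((name, "access" if is_access else "lookup"))
    return roles

def can_reject(conf, map_file):
    """True only if some restriction list consults map_file as an access table."""
    return any(role == "access" for _, role in map_roles(conf, map_file))

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("proposed", PROPOSED)):
        conf = parse_postconf(text)
        print(label, map_roles(conf, BAN_MAP), "can reject:", can_reject(conf, BAN_MAP))
```

An access(5) lookup result is expected to be an action such as REJECT, so the value the map returns for a banned address matters as much as where the map is referenced; `postmap -q` with the address and the map shows what Postfix would receive.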