Postfix-users restriction

Discussion in 'Installation/Configuration' started by mukta, Apr 27, 2006.

  1. mukta

    mukta New Member

    I have after 2 weeks of work(so I am not very clever) a Postfix server .
    Thank you for your tutorials and I want to thank especialy to FALKO.
    How can I have default users who cannot send external mails and how to set in main.cf users who have this rights?
    Who can help me?I migrate from qmail cause I didn't succed there to make that diffrence to posfix wich I belive have more stuff built in...

    I read and I tryed from :http://www.postfix.org/RESTRICTION_CLASS_README.html
    to understand how to Restricting what users can send mail to off-site destinations BUT I am NOT too clever so ...

    Thank you for those who will give me attention.
     
    Last edited: Apr 27, 2006
  2. falko

    falko Super Moderator Howtoforge Staff

    Which tutorial did you follow (URL)?
     
  3. mukta

    mukta New Member

    tutorial

    Actualy I finished with your tutorial http://www.howtoforge.com/virtual_postfix_mysql_quota_courier and I have YOUR server.I had problems but with YOUR answers I solved every problem step by step..
    So is it YOUR server(I started with other tutorials but finally...I am here)
    The most importan part is to have a mail server with users limitations(smtp restrictions ).I tryed few months with qmail but I must write the authentication package there so I say better to migrate to postfix.

    Thank you for your promtitude.
     
    Last edited: Apr 30, 2006
  4. falko

    falko Super Moderator Howtoforge Staff

    Have you tried this from http://www.postfix.org/RESTRICTION_CLASS_README.html ?

     
  5. mukta

    mukta New Member

    tryed

    Falko if you read my 1st post you will see that I tryed.
    I don't know how to combine your main.cf with those new lines....
    I don't understand much in main.cf lines...
    I will try again since you will answer again..

    Thank you..
     
  6. falko

    falko Super Moderator Howtoforge Staff

    Do this:
    Code:
    postconf -e 'smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders'
    postconf -e 'smtpd_restriction_classes = local_only'
    postconf -e 'local_only = check_recipient_access hash:/etc/postfix/local_domains, reject'
    Then create the file /etc/postfix/restricted_senders which looks similar to this one:
    Code:
    foo@domain      local_only
    bar@domain      local_only
    Afterwards create /etc/postfix/local_domains which should look similar to this:
    Code:
    this.domain     OK
    that.domain     OK
    
    Then restart Postfix.
     
  7. mukta

    mukta New Member

    :) ok ok..

    I have in my original (and the server works great)main.cf:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = testing.cne-u2.ro
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = testing.cne-u2.ro, localhost.cne-u2.ro, localhost, yahoo.com
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2emai
    l.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_data_restrictions = reject_unauth_pipelining
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."


    After change you provide I have:


    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = testing.cne-u2.ro
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = testing.cne-u2.ro, localhost.cne-u2.ro, localhost, yahoo.com
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2emai
    l.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/restricted_senders
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_data_restrictions = reject_unauth_pipelining
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."



    How will be now with those new line?What smtpd_recipient_restrictions will become?Cause nou in syslog I have:
    Sep 17 08:28:44 testing postfix/master[2714]: warning: process /usr/lib/postfix/smtpd pid 2743 exit status 1
    Sep 17 08:28:44 testing postfix/master[2714]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
    Sep 17 08:29:45 testing postfix/smtpd[2744]: fatal: open database /etc/postfix/restricted_senders.db: No such file or directo
    ry
    Sep 17 08:29:46 testing postfix/master[2714]: warning: process /usr/lib/postfix/smtpd pid 2744 exit status 1
    Sep 17 08:29:46 testing postfix/master[2714]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
    Sep 17 08:30:46 testing postfix/smtpd[2746]: fatal: open database /etc/postfix/restricted_senders.db: No such file or directo
    ry
    Sep 17 08:30:47 testing postfix/master[2714]: warning: process /usr/lib/postfix/smtpd pid 2746 exit status 1
    Sep 17 08:30:47 testing postfix/master[2714]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling


    And I have vi /etc/postfix/restricted_senders :

    [email protected] local_only
    bar@domain local_only


    Thank you
     
    Last edited: Apr 28, 2006
  8. falko

    falko Super Moderator Howtoforge Staff

    Please run
    Code:
    postmap /etc/postfix/restricted_senders
    and restart Postfix. Do this everytime you change /etc/postfix/restricted_senders.
     
  9. mukta

    mukta New Member

    Thank You

    Falko,I want to thank you for your help...
    It's hardly to find someone who can REALY help you ...
    THANK YOU!EVERYTHING IS OKKKKK!

    I will come to you in the future to ask you about...since now I tryed alone everything but an anknown people help me ...you gave me more than answers in postfix you gave me more...

    [email protected]
     
    Last edited: Apr 30, 2006

Share This Page