Hello,
I have to setup an smtp server for a small office and I have zeroed in on postfix. I am going through the docs online but can't find the parameter that allows the sending of mails only to addresses listed in a whitelist type file. This is the peculiar requirement for the customer that emails can be sent outside the office, only to email addresses listed in a file. The 'smtpd_reject_unlisted_recipient' parameter works only for local recipients. Any pointers to this?
On Mon, Dec 21, 2009 at 09:44:52PM +0530, Rony wrote:
Hello,
I have to setup an smtp server for a small office and I have zeroed in on postfix. I am going through the docs online but can't find the parameter that allows the sending of mails only to addresses listed in a
See the RESTRICTION_CLASS_README file. You want a restriction which requires the sender to be either authenticated, or in a network listed in mynetworks, and the recipient to be in a specific lookup table.
Start by looking at the recipient first, and then validate the client.
Devdas Bhagat
Devdas Bhagat wrote:
On Mon, Dec 21, 2009 at 09:44:52PM +0530, Rony wrote:
Hello,
I have to setup an smtp server for a small office and I have zeroed in on postfix. I am going through the docs online but can't find the parameter that allows the sending of mails only to addresses listed in a
See the RESTRICTION_CLASS_README file. You want a restriction which requires the sender to be either authenticated, or in a network listed in mynetworks, and the recipient to be in a specific lookup table.
Start by looking at the recipient first, and then validate the client.
Thanks I will check it out.
Rony wrote:
Hello,
I have to setup an smtp server for a small office and I have zeroed in on postfix. I am going through the docs online but can't find the parameter that allows the sending of mails only to addresses listed in a whitelist type file. This is the peculiar requirement for the customer that emails can be sent outside the office, only to email addresses listed in a file. The 'smtpd_reject_unlisted_recipient' parameter works only for local recipients. Any pointers to this?
Checkout http://www.trustedmachines.com/Milter_AddressControl-1.0.tar.gz It may help. This was developed by me for similar requirement. If you need new feature in this let me know.
Thanks And Regards Balwinder Singh
Linux wrote:
Rony wrote:
Hello,
I have to setup an smtp server for a small office and I have zeroed in on postfix. I am going through the docs online but can't find the parameter that allows the sending of mails only to addresses listed in a whitelist type file. This is the peculiar requirement for the customer that emails can be sent outside the office, only to email addresses listed in a file. The 'smtpd_reject_unlisted_recipient' parameter works only for local recipients. Any pointers to this?
Checkout http://www.trustedmachines.com/Milter_AddressControl-1.0.tar.gz It may help. This was developed by me for similar requirement. If you need new feature in this let me know.
Thanks for the tip. I will try out all options.
Rony wrote:
Hello,
I have to setup an smtp server for a small office and I have zeroed in on postfix. I am going through the docs online but can't find the parameter that allows the sending of mails only to addresses listed in a whitelist type file. This is the peculiar requirement for the customer that emails can be sent outside the office, only to email addresses listed in a file. The 'smtpd_reject_unlisted_recipient' parameter works only for local recipients. Any pointers to this?
Checkout http://www.trustedmachines.com/Milter_AddressControl-1.0.tar.gz It may help. It was developed by me for similar requirement. If you need new feature, let me know.
Thanks And Regards Balwinder Singh
Hello Devdas and Balwinder,
Since morning I've been going through the docs and studying various points and installed postfix. There are some minor irritants that I need to get rid of.
The system will be set in an office that runs its computers in a workgroup and has no domain. The company has its own website with pop/smtp access but the sending of mails will be done through the local postfix server that will be setup in the office to prevent users from posting anything to their friends and send mails only to approved email addresses.
I am planning to use postfix as an smtp relay server with the relay host being the company's remote smtp server. Before deploying it on the office machine, I have set it up in my netbook as it has 2 network devices. I am confused about the myorigin and mydomain parameters as the netbook ( and the final server ) does not use any domain and it simply has a hostname. The error logs show problems associated with bad domain and related entries. The examples on the net are mostly domain related so what entries do I use for a simple server machine with no domain that will push mails to another smtp server using smtp_auth? I have even setup the smtp auth settings along with the smtp password file. However bad naming is coming in the way.
Another problem is that I even installed Milter_AddressControl but since I use lenny, the libraries it requires are older (lib...so.0) than the one lenny installs (lib...so.1) with libmilter-dev and libmilter1.0. There is no updated package for Milter_AccessControl. I also have a query for the /etc/AccessControl/control file. If AccessControl is working, will all mails be made to pass through the control rules before being allowed or rejected? At present I assume they will and am setting only allowed emails in the list using 'Email_id REJECT_NO' lines. This should automatically imply that mails sent to other addresses will be blocked. Am I on the right track?
Regards,
Rony.
Rony wrote:
Hello Devdas and Balwinder,
Since morning I've been going through the docs and studying various points and installed postfix. There are some minor irritants that I need to get rid of.
The system will be set in an office that runs its computers in a workgroup and has no domain. The company has its own website with pop/smtp access but the sending of mails will be done through the local postfix server that will be setup in the office to prevent users from posting anything to their friends and send mails only to approved email addresses.
I am planning to use postfix as an smtp relay server with the relay host being the company's remote smtp server. Before deploying it on the office machine, I have set it up in my netbook as it has 2 network devices. I am confused about the myorigin and mydomain parameters as the netbook ( and the final server ) does not use any domain and it simply has a hostname. The error logs show problems associated with bad domain and related entries. The examples on the net are mostly domain related so what entries do I use for a simple server machine with no domain that will push mails to another smtp server using smtp_auth? I have even setup the smtp auth settings along with the smtp password file. However bad naming is coming in the way.
Another problem is that I even installed Milter_AddressControl but since I use lenny, the libraries it requires are older (lib...so.0) than the one lenny installs (lib...so.1) with libmilter-dev and libmilter1.0. There is no updated package for Milter_AccessControl.
Please try compiling it with new libraries. It is simple and instructions are in README file. In README follow other than debian install part. Meanwhile I will also try to compile and upload package for lenny.
I also have a query for the /etc/AccessControl/control file.
It is /etc/AddressControl/control
If AccessControl is working, will all mails be made to pass through the control rules before being allowed or rejected? At present I assume they will and am setting only allowed emails in the list using 'Email_id REJECT_NO' lines. This should automatically imply that mails sent to other addresses will be blocked. Am I on the right track?
All mails will pass through milter. Your /etc/AddressControl/control file may look like as following
known_emailid@knowndomain.com REJECT_NO
* REJECT_ALL
Thanks Balwinder
Linux wrote:
Rony wrote:
Another problem is that I even installed Milter_AddressControl but since I use lenny, the libraries it requires are older (lib...so.0) than the one lenny installs (lib...so.1) with libmilter-dev and libmilter1.0. There is no updated package for Milter_AccessControl.
Please try compiling it with new libraries. It is simple and instructions are in README file. In README follow other than debian install part. Meanwhile I will also try to compile and upload package for lenny.
I also have a query for the /etc/AccessControl/control file.
It is /etc/AddressControl/control
If AccessControl is working, will all mails be made to pass through the control rules before being allowed or rejected? At present I assume they will and am setting only allowed emails in the list using 'Email_id REJECT_NO' lines. This should automatically imply that mails sent to other addresses will be blocked. Am I on the right track?
All mails will pass through milter. Your /etc/AddressControl/control file may look like as following
known_emailid@knowndomain.com REJECT_NO
* REJECT_ALL
Thanks for the input. I will do the compiling.
Linux wrote:
Rony wrote:
Hello Devdas and Balwinder,
Since morning I've been going through the docs and studying various points and installed postfix. There are some minor irritants that I need to get rid of.
The system will be set in an office that runs its computers in a workgroup and has no domain. The company has its own website with pop/smtp access but the sending of mails will be done through the local postfix server that will be setup in the office to prevent users from posting anything to their friends and send mails only to approved email addresses.
I am planning to use postfix as an smtp relay server with the relay host being the company's remote smtp server. Before deploying it on the office machine, I have set it up in my netbook as it has 2 network devices. I am confused about the myorigin and mydomain parameters as the netbook ( and the final server ) does not use any domain and it simply has a hostname. The error logs show problems associated with bad domain and related entries. The examples on the net are mostly domain related so what entries do I use for a simple server machine with no domain that will push mails to another smtp server using smtp_auth? I have even setup the smtp auth settings along with the smtp password file. However bad naming is coming in the way.
Another problem is that I even installed Milter_AddressControl but since I use lenny, the libraries it requires are older (lib...so.0) than the one lenny installs (lib...so.1) with libmilter-dev and libmilter1.0. There is no updated package for Milter_AccessControl.
Please try compiling it with new libraries. It is simple and instructions are in README file. In README follow other than debian install part. Meanwhile I will also try to compile and upload package for lenny.
I also have a query for the /etc/AccessControl/control file.
It is /etc/AddressControl/control
If AccessControl is working, will all mails be made to pass through the control rules before being allowed or rejected? At present I assume they will and am setting only allowed emails in the list using 'Email_id REJECT_NO' lines. This should automatically imply that mails sent to other addresses will be blocked. Am I on the right track?
All mails will pass through milter. Your /etc/AddressControl/control file may look like as following
known_emailid@knowndomain.com REJECT_NO
* REJECT_ALL
For other problem, I think you will need a machine with valid name, which should have forward and reverse DNS entries.
Please download updated package for lenny from http://www.trustedmachines.com/Milter_AddressControl-1.0.1_lenny.tar.gz?attr...
Thanks And Regards Balwinder Singh
On Friday 25 December 2009, Linux wrote:
For other problem, I think you will need a machine with valid name, which should have forward and reverse DNS entries.
+1. I wanted to jump in when Rony mentioned there is no domain name for this client.
@Rony, you need a valid domain name on the 'Net and a sub-domain served by an internal DNS server that resolves A and PTR records.
I generally do this as "intra.example.com" for the internal LAN sub domain.
Arun Khan wrote:
On Friday 25 December 2009, Linux wrote:
For other problem, I think you will need a machine with valid name, which should have forward and reverse DNS entries.
+1. I wanted to jump in when Rony mentioned there is no domain name for this client.
@Rony, you need a valid domain name on the 'Net and a sub-domain served by an internal DNS server that resolves A and PTR records.
I generally do this as "intra.example.com" for the internal LAN sub domain.
The customer has his own website and it is also enabled with POP/SMTP. Since that smtp needs to be authenticated with the email_id as username and a password, I thought of using that as credentials to relay messages to that server to then forward them to the world. Do I still need a domain setting? How does Thunderbird or Outlook Express forward mails from machines with only a hostname?
Rony wrote:
Arun Khan wrote:
On Friday 25 December 2009, Linux wrote:
For other problem, I think you will need a machine with valid name, which should have forward and reverse DNS entries.
+1. I wanted to jump in when Rony mentioned there is no domain name for this client.
@Rony, you need a valid domain name on the 'Net and a sub-domain served by an internal DNS server that resolves A and PTR records.
I generally do this as "intra.example.com" for the internal LAN sub domain.
The customer has his own website and it is also enabled with POP/SMTP. Since that smtp needs to be authenticated with the email_id as username and a password, I thought of using that as credentials to relay messages to that server to then forward them to the world. Do I still need a domain setting? How does Thunderbird or Outlook Express forward mails from machines with only a hostname?
Further to that, is there any way the Milter_AccessControl can be used directly with Thunderbird? That way Milter_AccessControl will run in a single machine and all machines with Thunderbird will forward mails via this machine that is listening on port 10035. I only need outgoing email_id control.
Rony wrote:
Rony wrote:
Arun Khan wrote:
On Friday 25 December 2009, Linux wrote:
For other problem, I think you will need a machine with valid name, which should have forward and reverse DNS entries.
+1. I wanted to jump in when Rony mentioned there is no domain name for this client.
@Rony, you need a valid domain name on the 'Net and a sub-domain served by an internal DNS server that resolves A and PTR records.
I generally do this as "intra.example.com" for the internal LAN sub domain.
The customer has his own website and it is also enabled with POP/SMTP. Since that smtp needs to be authenticated with the email_id as username and a password, I thought of using that as credentials to relay messages to that server to then forward them to the world. Do I still need a domain setting? How does Thunderbird or Outlook Express forward mails from machines with only a hostname?
Further to that, is there any way the Milter_AccessControl can be used directly with Thunderbird? That way Milter_AccessControl will run in a single machine and all machines with Thunderbird will forward mails via this machine that is listening on port 10035. I only need outgoing email_id control.
No, Milter_AddressControl cannot directly talk with Thunderbird, we need an SMTP server which supports milter in between. I think what you are trying to do is relay mail via another server. In this case DNS entries are not required. Please see http://www.howtoforge.com/postfix_relaying_through_another_mailserver
Thanks And Regards Balwinder Singh
On Sat, Dec 26, 2009 at 10:32 AM, Linux wrote:
No, Milter_AddressControl cannot directly talk with Thunderbird, we need an SMTP server which supports milter in between. I think what you are trying to do is relay mail via another server. In this case DNS entries are not required. Please see http://www.howtoforge.com/postfix_relaying_through_another_mailserver
I finally got rid of the invalid hostname and other problems by editing /etc/hosts with a FQDN name (a fake one). I have stopped bind9 to avoid using dns. The problem of host not found still existed for the relay host. Then in one site on the net I saw that the entry for relay host has to be in boxes like relayhost = [relay_smtp_server_address]. This removed all naming and host not found errors but now the only problem is that the relay host is refusing connections. Since I don't have my client's smtp username and password, I was using my own yahoo email id and password with yahoo's smtp server as my relay host. It is refusing connections. Then I commented the smtp_auth related lines in main.cf and tried mtnl's open smtp server that does not use authentication but that too refuses connection. Now as a last resort I will try mtnl's regular smtp server with auth.
The link which you gave shows that my main.cf file is already configured accordingly.
On Sun, Dec 27, 2009 at 12:06 AM, Rony Bill wrote:
I finally got rid of the invalid hostname and other problems by editing /etc/hosts with a FQDN name (a fake one). I have stopped bind9 to avoid using dns. The problem of host not found still existed for the relay host. Then in one site on the net I saw that the entry for relay host has to be in boxes like relayhost = [relay_smtp_server_address]. This removed all naming and host not found errors but now the only problem is that the relay host is refusing connections. Since I don't have my client's smtp username and password, I was using my own yahoo email id and password with yahoo's smtp server as my relay host. It is refusing connections. Then I commented the smtp_auth related lines in main.cf and tried mtnl's open smtp server that does not use authentication but that too refuses connection. Now as a last resort I will try mtnl's regular smtp server with auth.
The link which you gave shows that my main.cf file is already configured accordingly.
I feel very silly while writing this addition. The problem with yahoo refusing connections was that my relay server entry as well as the password file had the yahoo POP server setting instead of SMTP. I was finally able to send a mail from my yahoo account to my gmail account. MTNL's open smtp server is anyway not working all the time. In thunderbird my smtp server is set to 127.0.0.1. Tomorrow I will do the milter_accesscontrol thing. Thanks to everyone who replied and as a serious homework I will later on setup a proper DNS server in my machine just for practice.
Hello,
After postfix was successfully relaying messages to the remote smtp server, I tried Milter_AddressControl but while starting the binary for lenny, it returns an error that it's corrupted and has some multiple mappings etc etc. So after looking up the traditional postfix method suggested earlier and after making mistakes and correcting them, I finally managed to get the outgoing address control working and it even rejects mail if the unwanted email id is in bcc. The only problem now is that if the mail has recipients who are in the whitelist and those not, the entire mail gets rejected. Is there any parameter option that will allow mails to be sent to at least the whitelisted ones? This is not a major hurdle but if it can be resolved, it would be great.
In my main.cf I have the line:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, reject
The recipient_access file has the format:
whitelist_email_id1 permit
whitelist_email_id2 permit
whitelist_email_id3 permit
After the list is scanned, what is not in the list gets the reject option in the smtpd_ line. Is there any option other than 'reject' that will at least let the whitelisted addresses receive the mails if both addresses exist together in the mail?
Regards,
Rony.
On Sun, Dec 27, 2009 at 10:50 PM, Rony Bill gnulinuxist@gmail.com wrote:
Hello,
After postfix was successfully relaying messages to the remote smtp server, I tried Milter_AddressControl but while starting the binary for lenny, it returns an error that it's corrupted and has some multiple mappings etc etc. So after looking up the traditional postfix method suggested earlier and after making mistakes and correcting them, I finally managed to get the outgoing address control working and it even rejects mail if the unwanted email id is in bcc. The only problem now is that if the mail has recipients who are in the whitelist and those not, the entire mail gets rejected. Is there any parameter option that will allow mails to be sent to at least the whitelisted ones? This is not a major hurdle but if it can be resolved, it would be great.
In my main.cf I have the line:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, reject
The recipient_access file has the format:
whitelist_email_id1 permit
whitelist_email_id2 permit
whitelist_email_id3 permit
After the list is scanned, what is not in the list gets the reject option in the smtpd_ line. Is there any option other than 'reject' that will at least let the whitelisted addresses receive the mails if both addresses exist together in the mail?
I don't think that can be done. The rejection happens at the SMTP transaction level (Envelope Recipients) when MUA (Thunderbird, OutlookExpress etc) tries to send the mail. The sender should get a clear message (I think you can customize the rejection message) that some of the recipients in the mail are rejected and sender can remove those recipients from (yet unsent) mail.
I think this is the desired way of rejecting the recipient then bouncing the mail for rejected recipients.
Regards,
Rony.
With regards,
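The per-recipient decision described in the reply above, as an added Python example that is not part of the original thread: it replays the RCPT stage against a table in the recipient_access format quoted earlier. The sample addresses, the function names and the abort_on_reject switch are assumptions made for illustration, and the reply texts are modelled on Postfix's default responses.

```python
# Added example (not from the thread): models how Postfix applies
#   smtpd_recipient_restrictions =
#       check_recipient_access hash:/etc/postfix/recipient_access, reject
# to each RCPT TO command. Simplifications: only full-address keys are
# matched, and continuation lines in the table are not handled.

# Constructed sample table; the addresses are invented for illustration.
SAMPLE_TABLE = """\
# approved outside recipients
orders@supplier.example     permit
accounts@bank.example       permit
Auditor@Partner.example     permit
"""

# Actions this model understands: True accepts, False falls to the final reject.
ACTIONS = {"permit": True, "ok": True, "reject": False, "dunno": False}


def parse_access_table(text):
    """Return {lowercased address: action} from access(5)-style text."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: key without an action: {line!r}")
        key, action = fields[0].lower(), fields[1].strip().lower()
        if action not in ACTIONS:
            raise ValueError(f"line {lineno}: unsupported action {action!r}")
        table[key] = action
    return table


def rcpt_reply(table, address):
    """Decide one envelope recipient: table lookup first, then the final reject."""
    action = table.get(address.strip().lower())
    if action is not None and ACTIONS[action]:
        return 250, "2.1.5 Ok"
    return 554, f"5.7.1 <{address}>: Recipient address rejected: Access denied"


def submit(table, envelope_recipients, abort_on_reject=True):
    """Replay the RCPT stage for one message; return (replies, delivered_to).

    envelope_recipients is To + Cc + Bcc combined: the server sees only the
    envelope at this stage, which is why a Bcc address is checked as well.
    abort_on_reject models a mail client that gives up as soon as one
    recipient is refused, the behaviour reported in the thread.
    """
    replies, accepted = [], []
    for addr in envelope_recipients:
        code, text = rcpt_reply(table, addr)
        replies.append((addr, code, text))
        if code == 250:
            accepted.append(addr)
        elif abort_on_reject:
            return replies, []  # client drops the whole message
    return replies, accepted


if __name__ == "__main__":
    table = parse_access_table(SAMPLE_TABLE)
    rcpts = ["orders@supplier.example", "friend@webmail.example",
             "accounts@bank.example"]
    for abort in (True, False):
        replies, delivered = submit(table, rcpts, abort_on_reject=abort)
        print(f"abort_on_reject={abort}")
        for addr, code, text in replies:
            print(f"  RCPT TO:<{addr}> -> {code} {text}")
        print(f"  delivered to: {delivered or 'nobody'}")
```

On a live server the same lookup can be checked for a single address with postmap -q against the hash table.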
2009/12/27 Dinesh Shah (દિનેશ શાહ/दिनेश शाह) dineshah@gmail.com
On Sun, Dec 27, 2009 at 10:50 PM, Rony Bill gnulinuxist@gmail.com wrote:
I don't think that can be done. The rejection happens at the SMTP transaction level (Envelope Recipients) when MUA (Thunderbird, OutlookExpress etc) tries to send the mail. The sender should get a clear message (I think you can customize the rejection message) that some of the recipients in the mail are rejected and sender can remove those recipients from (yet unsent) mail.
I think this is the desired way of rejecting the recipient then bouncing the mail for rejected recipients.
Then I will keep it that way. Unless the user removes the unwanted email address he cannot send the mail. That's good enough.
After postfix was successfully relaying messages to the remote smtp server, I tried Milter_AddressControl but while starting the binary for lenny, it returns an error that it's corrupted and has some multiple mappings etc etc.
I tried downloading, it is working. It is compiled for i386 arch, which architecture are you on?
So after looking up the traditional postfix method suggested earlier and after making mistakes and correcting them, I finally managed to get the outgoing address control working and it even rejects mail if the unwanted email id is in bcc. The only problem now is that if the mail has recipients who are in the whitelist and those not, the entire mail gets rejected. Is
Milter_AddressControl can do this, but is not recommended if you can directly achieve it in postfix.
there any parameter option that will allow mails to be sent to at least the whitelisted ones? This is not a major hurdle but if it can be resolved, it would be great. In my main.cf I have the line:
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access, reject
The recipient_access file has the format:
whitelist_email_id1 permit
whitelist_email_id2 permit
whitelist_email_id3 permit
After the list is scanned, what is not in the list gets the reject option in the smtpd_ line. Is there any option other than 'reject' that will at least let the whitelisted addresses receive the mails if both addresses exist together in the mail?
Regards,
Rony.
On Friday 25 December 2009, Rony wrote:
Arun Khan wrote:
On Friday 25 December 2009, Linux wrote:
For other problem, I think you will need a machine with valid name, which should have forward and reverse DNS entries.
+1. I wanted to jump in when Rony mentioned there is no domain name for this client.
@Rony, you need a valid domain name on the 'Net and a sub-domain served by an internal DNS server that resolves A and PTR records.
I generally do this as "intra.example.com" for the internal LAN sub domain.
The customer has his own website and it is also enabled with POP/SMTP. Since that smtp needs to be authenticated with the email_id as username and a password, I thought of using that as credentials to relay messages to that server to then forward them to the world. Do I still need a domain setting? How does Thunderbird or Outlook Express forward mails from machines with only a hostname?
IMO, the proper way to do it:
1. define an LAN sub domain e.g. intra.example.com where example.com is your external domain.
2. define DNS A/PTR tables, yes this means running DNS for your sub domain.
3. give each host a meaningful name e.g. main-honcho.intra.example.com, email.intra.example.com (smtp/pop3/imap server)
4. All your email clients would point to your internal smtp server "email.intra.example.com" (postfix) for outgoing email.
5. Mail filtering would be done by postfix rules.
On Fri, Dec 25, 2009 at 3:21 PM, Arun Khan
I am now setting up bind9 and following the procedure in http://forums.debian.net/viewtopic.php?f=16&t=39146
I am stuck at the part where the entries below are to be edited.
;
; BIND data file for sampledns.com
;
$TTL 604800
@ IN SOA sampledns.com. info.sampledns.com. (
        2009051501 ; Serial
        7200 ; Refresh
        120 ; Retry
        2419200 ; Expire
        604800) ; Default TTL
;
@ IN NS ns1.sampledns.com.
@ IN NS ns2.sampledns.com.
sampledns.com. IN MX 10 mail.sampledns.com.
sampledns.com. IN A 192.168.254.1
www IN CNAME sampledns.com.
mail IN A 192.168.254.1
ftp IN CNAME sampledns.com.
sampledns.com. IN TXT "v=spf1 ip4:192.168.254.1 a mx ~all"
mail IN TXT "v=spf1 a -all"

What do I do about the ns1.sampledns.com and ns2...entries? My dns will not be accessible from the internet as it is local only. Do I simply delete the lines? What is the SOA info.sampledns.com entry for? I don't have any machine for that.
Linux wrote:
For other problem, I think you will need a machine with valid name, which should have forward and reverse DNS entries.
Please download updated package for lenny from http://www.trustedmachines.com/Milter_AddressControl-1.0.1_lenny.tar.gz?attr...
Thanks! I will do it.