October 28th, 2003, 01:11
Was going through elmore's write-up (Very nice :D) and I have come across a couple questions, first off, I plan to route vlad902@blah and v902@blah to vlad@blah, the question is do I add vlad902 and v902 to /etc/postfix access?

Also, when I try to run postmap access I get the following:

[code:1:dd8d7cc43a]# postmap access
postmap: fatal: /usr/local/etc/postfix/main.cf, line 355: missing '=' after attribute name: "check_client_access hash:/etc/postfix/client_access,"

# cat main.cf | head -n 373 | tail -n 20
smtpd_client_restrictions =
check_client_access hash:/etc/postfix/client_access,

smtpd_recipient_restrictions = regexp:/etc/postfix/regexp_access,
check_recipient_acces hash:/etc/postfix/access,

smtpd_sender_restrictions = regexp:/etc/postfix/sender_checks.regexp,
check_sender_access hash:/etc/postfix/sender_access,

Krusty says that it works on his Postfix 1.1 system (*snicker* :lol:), so I'm guessing there has been syntax changes since then, anyone care to correct it? :)

October 28th, 2003, 05:24
Couldn't you do that with /etc/aliases or /etc/mail/aliases?

October 28th, 2003, 11:22
I'm not trying to alias at this point, postfix has to know which e-mail adressed to recieve to, and I'm wondering if needs that ones that are being aliased to be in there too.

FYI, I forgot to state in the post but this is Postfix 2.0.16 on a FreeBSD box

October 28th, 2003, 12:01
[code:1:7a34544d1a]smtpd_client_restrictions =
check_client_access hash:/etc/postfix/client_access,
reject_unauth_pipelining [/code:1:7a34544d1a]

Just checking that this first line actually shows as one line in your main.cf. It should be like this...

[code:1:7a34544d1a]smtpd_client_restrictions = check_client_access hash:/etc/postfix/client_access,
reject_unauth_pipelining [/code:1:7a34544d1a]

Otherwise it might think that check_client_access is a option in the main.cf instead of a option of the above smtpd_client_restrictions. You can't have the first option split between 2 lines.

Your other 2 sets of rules are okay for that.


October 28th, 2003, 13:03
Couldn't you do that with /etc/aliases or /etc/mail/aliases?

Yes you could but access permits mail only for those addresses expressly permited by the access list, a functionality /etc/aliases doesn't have. Use of canonical tables for both sending and receiving mail also rewrites the headers inbound and outbound which is ideal for a box that hosts multiple domains or, mapping users to virtual names for inbound mail and for outbound mail as well because it rewrites the reply-to header to be the virtual name not the actual username. Helps in consistency. Something the aliases file does not do. I use, access lists and canonical tables and limit the aliases file for only those system aliases that need it, like root, postmaster abuse etc. etc.

Of course my how-to is dated these days and is in need of modernization. Some of the syntax is deprecated and postfix now supports mysql for its lookup tables and user lists and that is probably the better method at this point. Still the major MTA/MDA concepts of that document hold true, and retain much of their original value.

October 29th, 2003, 12:56
Damn I checked it out, apparently postfix2 needs all the stuff on the same line :roll: And by all I mean everything

smptd_client_restrictions =check_client_access hash:/etc/postfix/client_access,reject_maps_rbl,reject_unauth_pipeli ning

smtpd_recipient_restrictions = regexp:/etc/postfix/regexp_access, check_recipient_access hash:/etc/postfix/access,permit_mynetworks,reject_unknown_recipient_ domain,rejec
t_unknown_hostname,reject_maps_rbl,reject_unauth_p ipelining,reject

smtpd_sender_restrictions = regexp:/etc/postfix/sender_checks.regexp,check_sender_access hash:/etc/postfix/sender_access,reject_unknown_sender_domain,reject_ maps_rbl,rej