Hi Friends,
I have configured Postfix mail server on Centos for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com,example2.com and example3.com domains only. Below is the configuration of the postfix mail server
myhostname = test.example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = subnet mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,relay_domains = $mydestination,example.com,example2.com,example3.com smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject
The issue I am facing is that whenever things are working fine when I check the things through telnet but when I do testing through command line through "mail" command I am able to send mails to any domain from these 5 servers.
bash-2.05$ telnet test.example.com 25 Trying 192.168.0.27... Connected to test. Escape character is '^]'. 220 test.example.com ESMTP Postfix (2.2.5) mail from:ankush.grover@example.com 250 Ok 501 Syntax: RCPT TO: <address> rcpt to:ankush@gmail.com 554 ankush@gmail.com: Relay access denied
How can I restrict mails even going through "mail" command from these 5 servers to specific domains only. These 5 servers are running some cronjobs and these cronjobs output it mailed through "mail" command.
Regards
Ankush
On Thu, Jan 1, 2009 at 4:26 AM, ankush grover ankushcentos@gmail.com wrote:
Hi Friends,
I have configured Postfix mail server on Centos for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com,example2.com and example3.com domains only. Below is the configuration of the postfix mail server
myhostname = test.example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = subnet mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,relay_domains = $mydestination,example.com,example2.com,example3.com smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject
The issue I am facing is that whenever things are working fine when I check the things through telnet but when I do testing through command line through "mail" command I am able to send mails to any domain from these 5 servers.
bash-2.05$ telnet test.example.com 25 Trying 192.168.0.27... Connected to test. Escape character is '^]'. 220 test.example.com ESMTP Postfix (2.2.5) mail from:ankush.grover@example.com 250 Ok 501 Syntax: RCPT TO: <address> rcpt to:ankush@gmail.com 554 ankush@gmail.com: Relay access denied
How can I restrict mails even going through "mail" command from these 5 servers to specific domains only. These 5 servers are running some cronjobs and these cronjobs output it mailed through "mail" command.
Regards
Ankush _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
If you are using sendmail as the local MTA on these 5 systems (default) did you change your smarthost configuration to forward mail through your postfix mail relay?
Hi,
I'm not very familiar with postfix. I think you have to set "relayhost = ip or host name of CentOS relayin server" parameter in 5 Linux servers which are relaying there's mails via CentOS server.
Try this.
Thanks
Joshua Gimer wrote:
On Thu, Jan 1, 2009 at 4:26 AM, ankush grover ankushcentos@gmail.com wrote:
Hi Friends,
I have configured Postfix mail server on Centos for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com,example2.com and example3.com domains only. Below is the configuration of the postfix mail server
myhostname = test.example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = subnet mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,relay_domains = $mydestination,example.com,example2.com,example3.com smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject
The issue I am facing is that whenever things are working fine when I check the things through telnet but when I do testing through command line through "mail" command I am able to send mails to any domain from these 5 servers.
bash-2.05$ telnet test.example.com 25 Trying 192.168.0.27... Connected to test. Escape character is '^]'. 220 test.example.com ESMTP Postfix (2.2.5) mail from:ankush.grover@example.com 250 Ok 501 Syntax: RCPT TO: <address> rcpt to:ankush@gmail.com 554 ankush@gmail.com: Relay access denied
How can I restrict mails even going through "mail" command from these 5 servers to specific domains only. These 5 servers are running some cronjobs and these cronjobs output it mailed through "mail" command.
Regards
Ankush _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
If you are using sendmail as the local MTA on these 5 systems (default) did you change your smarthost configuration to forward mail through your postfix mail relay?
ankush grover a écrit :
Hi Friends,
I have configured Postfix mail server on Centos for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com,example2.com and example3.com domains only. Below is the configuration of the postfix mail server
myhostname = test.example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = subnet mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,relay_domains = $mydestination,example.com,example2.com,example3.com smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject
The issue I am facing is that whenever things are working fine when I check the things through telnet but when I do testing through command line through "mail" command I am able to send mails to any domain from these 5 servers.
bash-2.05$ telnet test.example.com 25 Trying 192.168.0.27... Connected to test. Escape character is '^]'. 220 test.example.com ESMTP Postfix (2.2.5) mail from:ankush.grover@example.com 250 Ok 501 Syntax: RCPT TO: <address> rcpt to:ankush@gmail.com 554 ankush@gmail.com: Relay access denied
How can I restrict mails even going through "mail" command from these 5 servers to specific domains only. These 5 servers are running some cronjobs and these cronjobs output it mailed through "mail" command.
smtpd_*_restrictions apply to mail submitted via SMTP (which is the case if you use telnet or if mail is received from a remote machine). but mail submitted via the sendmail command (which is the case when you use the 'mail' command) is not subject to these restrictions.
in short, with your current config, you have what you want except for mail submitted via a sendmail on the relay itself.
do you really want to restrict the latter? unless you are using selinux or the like to prevent other programs from connecting to the network, a program can simply connect directly to outside.
if you insist, then force mail to be passed to an smtpd using "-o content_filter" in master.cf:
pickup .... -o content_filter=relay:[127.0.0.1]:25
with this, mail received via the sendmail command will be passed to 127.0.0.1 port 25 and you get what you want.
but there is a caveat here: if after being received on port 25, the message is reinjected using the sendmail command (say from a content filter or from maildrop/procmail/whatever), then it will go to 127.0.0.1:25 again, and so on. and at sometime, you'll get an infinite loop error message (which won't loop, because internal messages are not subject to content_filter!)
On Sat, Jan 3, 2009 at 5:07 AM, mouss mouss@ml.netoyen.net wrote:
ankush grover a écrit :
Hi Friends,
I have configured Postfix mail server on Centos for relaying mails from 5 linux servers (including itself) within the same LAN. The postfix mail server should relay mails from these 5 linux servers for specific domains only. For example hosts 192.168.0.23/24/25/26/27 and the postfix mail server should only be able to receive and send mails from and to example.com,example2.com and example3.com domains only. Below is the configuration of the postfix mail server
myhostname = test.example.com myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks_style = subnet mynetworks = 192.168.0.23/32,192.168.0.24/32,192.168.0.25/32,127.0.0.1/32,192.168.0.26/32,192.168.0.27/32 ,relay_domains = $mydestination,example.com,example2.com,example3.com smtpd_recipient_restrictions = reject_unauth_destination,permit_mynetworks,reject
The issue I am facing is that whenever things are working fine when I check the things through telnet but when I do testing through command line through "mail" command I am able to send mails to any domain from these 5 servers.
bash-2.05$ telnet test.example.com 25 Trying 192.168.0.27... Connected to test. Escape character is '^]'. 220 test.example.com ESMTP Postfix (2.2.5) mail from:ankush.grover@example.com 250 Ok 501 Syntax: RCPT TO: <address> rcpt to:ankush@gmail.com 554 ankush@gmail.com: Relay access denied
How can I restrict mails even going through "mail" command from these 5 servers to specific domains only. These 5 servers are running some cronjobs and these cronjobs output it mailed through "mail" command.
smtpd_*_restrictions apply to mail submitted via SMTP (which is the case if you use telnet or if mail is received from a remote machine). but mail submitted via the sendmail command (which is the case when you use the 'mail' command) is not subject to these restrictions.
Seems so.
in short, with your current config, you have what you want except for mail submitted via a sendmail on the relay itself.
The issue was on one of the linux server the relay host was not defined in sendmail and I was testing the mail configuration that server. Anyway now mails from other domains are getting denied from all the 5 servers and only thing left is how to restrict mails from the relay host (postfix mail server). Mouss has given a good example and I will try that.
Thanks to all of you for helping me out :)
Regards
Ankush
-
ankush grover -
Chaminda Mendis -
Joshua Gimer -
mouss