Restricted incoming users ruleset

Industry Standard Computers sales11 at iscnetwork.com
Fri Jul 14 06:43:05 IST 2006


Drew,
Sorry it took a while to get a "who cares what blows up" box and a test 
domain. One single domain, 4 users.
Thanks,
Butch

-------------------------------------------------------
I did a log rotate & a service MS restart and then sent an email to the 
restricted user "joejoe".
-------------------------------------------------------
here is maillog log:

Jul 14 01:25:05 butch MailScanner[19599]: MailScanner E-Mail Virus 
Scanner version 4.53.8 starting...
Jul 14 01:25:05 butch MailScanner[19599]: Read 746 hostnames from the 
phishing whitelist
Jul 14 01:25:10 butch MailScanner[19599]: Using locktype = flock
Jul 14 01:25:12 butch postfix/smtpd[19690]: connect from 
mail.cybrhost.net[67.99.202.39]
Jul 14 01:25:12 butch postfix/smtpd[19690]: warning: unknown smtpd 
restriction: "restrictive"
Jul 14 01:25:12 butch postfix/smtpd[19690]: NOQUEUE: reject: RCPT from 
mail.cybrhost.net[67.99.202.39]: 451 Server configuration error; 
from=<sales11 at iscnetwork.com> to=<joejoe at butch.homelinux.com> 
proto=ESMTP helo=<cybrhost.net>
Jul 14 01:25:12 butch postfix/cleanup[19692]: 6BA606F07F2: 
message-id=<20060714052512.6BA606F07F2 at butch.homelinux.com>
Jul 14 01:25:12 butch postfix/smtpd[19690]: disconnect from 
mail.cybrhost.net[67.99.202.39]
Jul 14 01:25:12 butch postfix/qmgr[19239]: 6BA606F07F2: 
from=<double-bounce at butch.homelinux.com>, size=904, nrcpt=1 (queue active)
Jul 14 01:25:12 butch postfix/cleanup[19692]: 744426F139A: 
message-id=<20060714052512.6BA606F07F2 at butch.homelinux.com>
Jul 14 01:25:12 butch postfix/qmgr[19239]: 744426F139A: 
from=<double-bounce at butch.homelinux.com>, size=1049, nrcpt=1 (queue active)
Jul 14 01:25:12 butch postfix/local[19693]: 6BA606F07F2: 
to=<postmaster at butch.homelinux.com>, orig_to=<postmaster>, relay=local, 
delay=0, status=sent (forwarded as 744426F139A)
Jul 14 01:25:12 butch postfix/qmgr[19239]: 6BA606F07F2: removed

# this line Root's .forward address.
Jul 14 01:25:13 butch postfix/smtp[19694]: 744426F139A: 
to=<iscnetwork at gmail.com>, orig_to=<postmaster>, 
relay=gmail-smtp-in.l.google.com[64.233.185.114], delay=1, status=sent 
(250 2.0.0 OK 1152854708 12si2010465wrl)

Jul 14 01:25:13 butch postfix/qmgr[19239]: 744426F139A: removed
Jul 14 01:25:16 butch MailScanner[19758]: MailScanner E-Mail Virus 
Scanner version 4.53.8 starting...
Jul 14 01:25:16 butch MailScanner[19758]: Read 746 hostnames from the 
phishing whitelist
Jul 14 01:25:21 butch MailScanner[19758]: Using locktype = flock
Jul 14 01:25:27 butch MailScanner[19916]: MailScanner E-Mail Virus 
Scanner version 4.53.8 starting...
Jul 14 01:25:28 butch MailScanner[19916]: Read 746 hostnames from the 
phishing whitelist
Jul 14 01:25:32 butch MailScanner[19916]: Using locktype = flock


--------------------------------------------------------
Here is main.cf:

header_checks = regexp:/etc/postfix/header_checks
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = butch.homelinux.com
mydomain = butch.homelinux.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
virtual_maps = hash:/etc/postfix/virtual
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = norealm.lan
bounce_queue_lifetime = 6h
local_recipient_maps =
luser_relay = jane
mailbox_size_limit = 512000000
message_size_limit = 10240000


smtpd_restriction_classes = restrictive, permissive
restrictive = reject_unknown_sender_domain, reject_unknown_client_hostname
permissive = permit


smtpd_restriction_classes = local_only, local_plus
local_only = reject_unauth_destination

local_plus = check_recipient_access hash:/etc/postfix/local_plus
   reject_unauth_destination
smtpd_delay_reject = yes
smtpd_sender_restrictions =
   check_sender_access hash:/etc/postfix/restricted_senders

smtpd_recipient_restrictions =
    permit_mynetworks
    check_recipient_access hash:/etc/postfix/restricted_incoming_users
    reject_unauth_destination
    permit_sasl_authenticated

-----------------------------------------------------
All the .db's are up to date and here is a directory listing of 
/etc/postfix:

-rw-r--r--   1 root root  14K May 28  2005 access
-rw-r--r--   1 root root  601 Dec  3  2005 aliases
-rw-r--r--   1 root root  12K Jul  8 03:26 aliases.db
-rw-r--r--   1 root root 2.2K Jun 25 14:52 butch.postfix
-rw-r--r--   1 root root 8.9K May 28  2005 canonical
-rw-r--r--   1 root root  15K Jul  8 10:46 header_checks
-rw-r--r--   1 root root  12K May 28  2005 LICENSE
-rw-r--r--   1 root root   35 Oct 23  2005 local_domains
-rw-r--r--   1 root root  12K Jul 14 01:20 local_domains.db
-rw-r--r--   1 root root  103 Jun 25 14:49 local_plus
-rw-r--r--   1 root root  12K Jul 14 01:20 local_plus.db
-rw-r--r--   1 root root  28K Jul 14 00:16 main.cf
-rw-r--r--   1 root root  998 May 28  2005 makedefs.out
-rw-r--r--   1 root root 7.0K Aug 13  2005 master.cf
-rw-r--r--   1 root root  16K May 28  2005 postfix-files
-rwxr-xr-x   1 root root 5.7K May 28  2005 postfix-script
-rwxr-xr-x   1 root root  22K May 28  2005 post-install
-rw-r--r--   1 root root   88 Oct 23  2005 recipient_access
-rw-r--r--   1 root root  12K Jul 14 01:21 recipient_access.db
-rw-r--r--   1 root root 6.3K May 28  2005 relocated
-rw-r--r--   1 root root   40 Jun 25 12:41 restricted_incoming_users
-rw-r--r--   1 root root  12K Jul 14 01:21 restricted_incoming_users.db
-rw-r--r--   1 root root   75 Jun 25 13:30 restricted_senders
-rw-r--r--   1 root root  12K Jul 14 01:21 restricted_senders.db
-rw-r--r--   1 root root  12K Jul 11 11:30 sasl_passwd.db
-rw-r--r--   1 root root   47 Jul 11 12:05 sasl_passwdXXXX
-rw-r--r--   1 root root  124 Jul 11 20:41 transport
-rw-r--r--   1 root root  12K Jul 14 01:20 transport.db
-rw-r--r--   1 root root  11K Jul 11 11:21 transport.original
-rw-r--r--   1 root root   38 Oct 23  2005 virtual
-rw-r--r--   1 root root  12K Oct 23  2005 virtual.db

---------------------------------------------------------------------
person who send the email to joejoe gets this back a few times:

 Out: 220 butch.homelinux.com ESMTP Postfix
 In:  EHLO cybrhost.net
 Out: 250-butch.homelinux.com
 Out: 250-PIPELINING
 Out: 250-SIZE 10240000
 Out: 250-VRFY
 Out: 250-ETRN
 Out: 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5
 Out: 250-AUTH=DIGEST-MD5 PLAIN LOGIN CRAM-MD5
 Out: 250 8BITMIME
 In:  MAIL FROM:<sales11 at iscnetwork.com> SIZE=1320
 Out: 250 Ok
 In:  RCPT TO:<joejoe at butch.homelinux.com>
 Out: 451 Server configuration error
 In:  QUIT


 Out: 221 Bye




More information about the MailScanner mailing list