RHCE - EX300 / How to configure user based security for Postfix

ludiegu Registered Users Posts: 3
Hi all! I'm studying for the RHCE with the Jang book, and while I find it quite good, regarding Postfix I cannot understand a couple of things. To pass the RHCE exam, it is necessary to understand the following two objectives:

- Postfix host based security [1]
- Postfix user based security [2]

While I can easily accomplish [1] with iptables, I cannot do [2] with what is in Jang's book; in particular, the access file is somehow ignored by Postfix when I follow the steps in it.
I've searched a lot to understand how I can deny a certain user in Postfix, but I cannot understand why it is not working. Does someone have a simple checklist/list of steps to understand this?
Thanks!

Comments

  • JoseJimenez Member Posts: 33
    From my notes, what I have tried:

    1. Host/IP based security:
    vi /etc/postfix/access
    1.2.3 REJECT
    1.2.3.4 OK


    postmap /etc/postfix/access
    postconf -e 'smtpd_client_restrictions=check_client_access hash:/etc/postfix/access'
    service postfix restart


    2. User based security:
    vi /etc/postfix/sender_access
    myfriend@example.com OK
    junk@spam.com REJECT
    marketing@ REJECT
    theboss@ OK
    deals.marketing.com REJECT
    somedomain.com OK


    postmap hash:/etc/postfix/sender_access
    postconf -e 'smtpd_recipient_restrictions=check_sender_access hash:/etc/postfix/sender_access'
    service postfix restart






    Restriction option              Applies to

    smtpd_client_restrictions       • client’s IP address or its hostname or both

    smtpd_helo_restrictions         • client’s HELO/EHLO argument
                                    • client’s IP address or hostname or both

    smtpd_sender_restrictions       • envelope sender
                                    • HELO/EHLO argument
                                    • client

    smtpd_recipient_restrictions    • envelope recipient(s)
                                    • envelope sender
                                    • HELO/EHLO argument
                                    • client IP address or hostname





  • ludiegu Registered Users Posts: 3
    postmap hash:/etc/postfix/sender_access
    postconf -e 'smtpd_recipient_restrictions=check_sender_access hash:/etc/postfix/sender_access'
    service postfix restart

    Thanks for your reply, but it doesn't seem to work:
    Jan 23 17:29:43 server postfix/master[12475]: warning: process /usr/libexec/postfix/smtpd pid 12485 exit status 1
    Jan 23 17:29:43 server postfix/master[12475]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
    Jan 23 17:30:43 server postfix/smtpd[12491]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
    
  • JoseJimenez Member Posts: 33
    Did you create the access file /etc/postfix/sender_access?
  • ludiegu Registered Users Posts: 3
    Yes I did:
    cat /etc/postfix/sender_access
    diego@    REJECT
    mailer1@ REJECT
    

    and here is the main.cf:
    smtpd_recipient_restrictions=
     check_sender_access hash:/etc/postfix/sender_access
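
An added example, not part of the thread: the fatal line in the log above names the restrictions smtpd requires in smtpd_recipient_restrictions, and this shell function lints a candidate value against that list before Postfix is restarted. The function name, return codes and sample values are constructed for illustration; return code 2 flags an access-map lookup listed ahead of the relay check, where an OK entry keyed on a spoofable sender address would be accepted before that check runs.

```shell
#!/bin/sh
# Added example (not from the thread): lint a smtpd_recipient_restrictions value.
# Return codes are this script's own convention, not Postfix's:
#   0 = a relay guard is present and precedes every access-map lookup
#   1 = no relay guard at all (the condition behind the fatal error in the log)
#   2 = guard present, but an access-map lookup comes before it, so an OK
#       result from that map is accepted before the relay check is reached
lint_recipient_restrictions() {
    guard_seen=0
    map_before_guard=0
    # Restrictions may be separated by commas, spaces or newlines.
    for word in $(printf '%s' "$1" | tr ',' ' '); do
        case "$word" in
            # The five names listed in the smtpd fatal message.
            check_relay_domains|reject_unauth_destination|reject|defer|defer_if_permit)
                guard_seen=1 ;;
            check_*_access)
                if [ "$guard_seen" -eq 0 ]; then map_before_guard=1; fi ;;
        esac
    done
    if [ "$guard_seen" -eq 0 ]; then return 1; fi
    if [ "$map_before_guard" -eq 1 ]; then return 2; fi
    return 0
}

# Print the lint result next to the value that was checked.
show() {
    rc=0
    lint_recipient_restrictions "$1" || rc=$?
    printf '%s  <- %s\n' "$rc" "$1"
}

# Constructed sample values; the first is the main.cf setting shown in the thread.
show "check_sender_access hash:/etc/postfix/sender_access"
show "check_sender_access hash:/etc/postfix/sender_access, reject_unauth_destination"
show "permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access"
```

A result of 2 is only a concern when the map contains OK entries, as the sender_access file in the first reply does; a map holding only REJECT entries cannot widen relaying.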
    