Enhancement #2768

Relax Postix restrictions for whitelisted senders

Added by Davide Principi over 5 years ago. Updated about 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-mail-filter
Target version:v6.5
Resolution: NEEDINFO:No

Description

The amavisd/SenderWhitelist prop is honoured by amavisd to bypass spam checks. Anyway, Postfix still enforces reject_unknown_sender_domain rule in smtpd_sender_restrictions. Thus a mail from a non existent domain can't be delivered even if the sender domain is whitelisted.

Honour amavisd/SenderWhitelist prop in smtpd_sender_restrictions.

[ Rif Nethesis 2014061110000058 ]

Example scenario: some internal servers (with a .local domain) send email notifications to NethServer. Emails are refused because the sender domain does not exist.

Associated revisions

Revision fb3029cc
Added by Davide Principi about 5 years ago

main.cf: removed SMTP compliance checks. Refs #2768

This kind of restrictions are now enforced by mail-filter.

Revision e6c066d6
Added by Davide Principi about 5 years ago

postfix/main.cf: enforce strict checks on helo, sender, recipient addresses. Refs #2768

Imported restrictions from mail-common.

Revision 66a55a46
Added by Davide Principi about 5 years ago

main.cf: fragment refactor. Refs #2768

Revision e51dd4f1
Added by Davide Principi about 5 years ago

postfix sender_access table template: whitelisted senders skip strict sender checks. Refs #2768

History

#1 Updated by Davide Principi about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

In branch b2750

#2 Updated by Davide Principi about 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

  • Install nethserver-mail-dev package for smtptest command
  • Update to modified version
  • unknown.tld domain does not exist and must be rejected:
        # smtptest --ehlo vboxnet1.tld --to primo.utente@vboxnet0.tld --from davidep@unknown.tld --addr 8.8.8.8   --port 25
    ... Sender address rejected: Domain not found;...
    
  • Add unknown.tld to sender whitelist in server-manager under Mail > Filter tab
  • Repeat the previous command: the message now must be accepted

#3 Updated by Davide Principi about 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-mail-common-1.3.3-1.19git5aeec2c.ns6.noarch.rpm
nethserver-mail-server-1.7.0-1.9git836d38e.ns6.noarch.rpm
nethserver-mail-filter-1.1.6-5.0git2ea5d3e8.ns6.noarch.rpm

#4 Updated by Giacomo Sanchietti about 5 years ago

  • Assignee set to Giacomo Sanchietti

#5 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Before adding the exception:

[root@testserver ~]# smtptest --ehlo vboxnet1.tld --to test3@mydomain.loc --from me@mydom11.org --addr 8.8.8.8   --port 25
4.1.8 <me@mydom11.org>: Sender address rejected: Domain not found

After adding the exception:

[root@testserver ~]# smtptest --ehlo vboxnet1.tld --to test3@mydomain.loc --from me@mydom11.org --addr 8.8.8.8   --port 25
[root@testserver ~]# echo $?
0

#6 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-mail-server-1.8.0-1.ns6.noarch.rpm
  • nethserver-mail-common-1.4.0-1.ns6.noarch.rpm
  • nethserver-mail-filter-1.2.0-1.ns6.noarch.rpm
New documentation:

Also available in: Atom PDF