Enhancement #2768
Relax Postix restrictions for whitelisted senders
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-mail-filter | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
The amavisd/SenderWhitelist
prop is honoured by amavisd to bypass spam checks. Anyway, Postfix still enforces reject_unknown_sender_domain
rule in smtpd_sender_restrictions
. Thus a mail from a non existent domain can't be delivered even if the sender domain is whitelisted.
Honour amavisd/SenderWhitelist
prop in smtpd_sender_restrictions
.
[ Rif Nethesis 2014061110000058 ]
Example scenario: some internal servers (with a .local
domain) send email notifications to NethServer. Emails are refused because the sender domain does not exist.
Associated revisions
main.cf: removed SMTP compliance checks. Refs #2768
This kind of restrictions are now enforced by mail-filter.
postfix/main.cf: enforce strict checks on helo, sender, recipient addresses. Refs #2768
Imported restrictions from mail-common.
main.cf: fragment refactor. Refs #2768
postfix sender_access table template: whitelisted senders skip strict sender checks. Refs #2768
History
#1 Updated by Davide Principi almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
In branch b2750
#2 Updated by Davide Principi almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case
- Install
nethserver-mail-dev
package forsmtptest
command - Update to modified version
unknown.tld
domain does not exist and must be rejected:# smtptest --ehlo vboxnet1.tld --to primo.utente@vboxnet0.tld --from davidep@unknown.tld --addr 8.8.8.8 --port 25 ... Sender address rejected: Domain not found;...
- Add
unknown.tld
to sender whitelist in server-manager underMail > Filter
tab - Repeat the previous command: the message now must be accepted
#3 Updated by Davide Principi almost 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-mail-common-1.3.3-1.19git5aeec2c.ns6.noarch.rpm
nethserver-mail-server-1.7.0-1.9git836d38e.ns6.noarch.rpm
nethserver-mail-filter-1.1.6-5.0git2ea5d3e8.ns6.noarch.rpm
#4 Updated by Giacomo Sanchietti almost 7 years ago
- Assignee set to Giacomo Sanchietti
#5 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Before adding the exception:
[root@testserver ~]# smtptest --ehlo vboxnet1.tld --to test3@mydomain.loc --from me@mydom11.org --addr 8.8.8.8 --port 25 4.1.8 <me@mydom11.org>: Sender address rejected: Domain not found
After adding the exception:
[root@testserver ~]# smtptest --ehlo vboxnet1.tld --to test3@mydomain.loc --from me@mydom11.org --addr 8.8.8.8 --port 25 [root@testserver ~]# echo $? 0
#6 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-mail-server-1.8.0-1.ns6.noarch.rpm
- nethserver-mail-common-1.4.0-1.ns6.noarch.rpm
- nethserver-mail-filter-1.2.0-1.ns6.noarch.rpm