I have the following in main.cf:
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_sender_access pcre:/etc/postfix/sender_access.pcre,
check_recipient_access hash:/etc/postfix/recipient_access,
And this line in the /etc/postfix/sender_access.pcre file:
/^[A-Z][a-z]{2,}[A-Z][a-z]{2,}\d\d+@/i REJECT You look like spam bot 1
Testing the map with an address from the mail log seems to show it should have been rejected:
$ postmap -q "[email protected]" pcre:/etc/postfix/sender_access.pcre
REJECT You look like spam bot 1
However, that mail was accepted.
What is wrong with my config?
Below is my full (slightly edited) postconf -n output in case there is something relevant:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 4h
home_mailbox = Maildir/
inet_interfaces = all
local_recipient_maps = unix:passwd.byname, $alias_maps
mailbox_size_limit = 0
message_size_limit = 20480000
milter_connect_macros = j {daemon_name} v {if_name} _
milter_default_action = accept
mydestination = mail.example.com, localhost.example.com, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 my.ip.add.ress/26
myorigin = /etc/mailname
non_smtpd_milters = unix:/opendkim/opendkim.sock
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_error_sleep_time = 5s
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_milters = unix:/opendkim/opendkim.sock
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access pcre:/etc/postfix/sender_access.pcre, check_recipient_access hash:/etc/postfix/recipient_access,
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/MyCA.pem
smtpd_tls_cert_file = /etc/ssl/MyCert.pem
smtpd_tls_key_file = /etc/ssl/private/MyCert.key
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = regexp:/etc/postfix/virtual.regex
Update:
A debugging test session shows that the address is converted to lower case before the real lookup, even though postmap -q doesn't do that. This also makes the /i flag in pcre: tables useless in this situation.
... smtpd[28637]: >>> START Sender address RESTRICTIONS <<<
... smtpd[28637]: generic_checks: name=check_sender_access
... smtpd[28637]: check_mail_access: [email protected] > ... smtpd[28637]: ctable_locate: move existing entry key [email protected]
... smtpd[28637]: check_access: [email protected]
... smtpd[28637]: dict_pcre_lookup: /etc/postfix/sender_access.pcre: [email protected]
0 Answers