I have create distro groups in zimbra and have add member sin there. when i connect an account on mapi etc. [URL] i have create a persona in order client to send from [URL] rather than [URL] How can i restrict inside postfix to relay using [URL]?
View 1 RepliesI hv Cent OS 5.3 installed as server. I hv a network of approx 100 desktops and laptops. For a security purpose i want to block certain laptops from gaining a the network access using dhcp. Can we block the ip address leasing if a specific MAC address request for a ip lease?
View 7 Replies View RelatedI need to have a postfix server to rewrite the sender's address. For example, if the sender is: [URL], then the recipient would receive all emails from [URL] as [URL]. I tried using the generic file and created a table out of it, but this did not work:
postmap /etc/postfix/generic
-rw-r--r-- 1 root root 9977 Dec 27 15:24 generic
-rw-r--r-- 1 root root 12288 Dec 27 15:25 generic.db
I added this line to the generic text file:
[code]....
I am running two boxes with postfix 2.3.3. and 2.1.1 respectively. Both need this configuration. I also added this line:
smtp_generic_maps = hash:/etc/postfix/generic
on the main.cf file. However, this did not work. The one running postfix 2.3.3 is on Centos 5.5, the other one is on SuSe Enterprise 9.
I would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
I have set up a couple of postfix servers for my domains, but the only thing I am missing now is this: How to block the public sending mail from my email to my email? I have managed it with SPF, but surely there must be a better way, that returns "relay not allowed" to the client. The SPF method costs too much, since it must make a dns request for each mail. So far, I have not gotten many of these mails, unless when testing my mailserver, but as I see it, anyone should not be allowed to send mail from abuse@mydomain.com to abuse@mydomain.com.
Somebody must have thought about this a long time ago, and there is simply that little line in main.conf that I'm missing.. My setup is this (virtual): I have a primary mx, with postfix, courier IMAP/POP3 server, a user database, and sasl via saslauthd. I also have a secondary mail server (backup mx) with no sasl auth, but with a copy of the mail users in the virtual tables, but added as relay_* users instead.
Spamassassin and SPF testing is replicated too, so most of the stuff should work, but I simply cannot find a setting in Postfix that denies someone to mail FROM my address TO my address. When mailing from my address and out in the open, they are required to authenticate, but not when using one of my my domain addresses, and also targeting my domain addresses.
As said, It is possible with a strict SPF setting, but that is at a cost for every lookup. It would be quicker for postfix to lookup the sender and the recipient in the relay/virtual tables, and deny if both addresses were in the recipient tables, and sender is not authenticated.
I'm running gnome desktop on squeeze system. When I boot my system seems to be using my internet modem as its dhcp server. The rest of the machines on my lan are correctly using my router for that purpose. As a result, what happens then is that my debian machine frequently gets a duplicate ip address assigned to it. I would like to specify to my debian computer that I want it to use the specific fixed ip address of my router for dhcp purposes.
View 9 Replies View RelatedI have setup Denyhosts to run on my server, and have been using it succesfully for the last few weeks, to allow me to ssh into my server from my home dev machine.
This morning, I accidentally typed my password incorrectly three times - and ended up being locked out of the system (tghat was ok, because that was what was supposed to happen). I logged into the server via another way and took the following actions (in the order given)
/etc/init.d/ssh stop
/etc/init.d/denyhosts stop
removed my IP address from /etc/hosts.deny
/etc/init.d/ssh start
[Code].....
I wish to intercept/forward emails that is sent to one user on multi user mail server.I only want email from one specific address or group,to be redirected and it will be redirected to another user on same server.The email should not arrive in original users inbox.".forward" file can not give me such solution,because ".forward" file will forward all mails to another specific mail id,which i don't want. I want only specific users mails onto another local user.Is this possible in sendmail?Anybody have clear idea of "virtusetable" & "aliases" file?
View 1 Replies View RelatedThis is a transcript I get emailed at least once every day, usually about 3 to 10 a day recently.
Transcript of session follows.
SMTP server: errors from unknown[ip address]
<boring stuff snipped>
In: RCPT TO: <server@my domain>
Out: 550 5.1.1 <server@my domain>: Recipient address rejected: User unknown in local recipient table
Session aborted, reason: lost connection Now I cannot seem to find anything via Google, as when I put "server@" anywhere in the string, I just get web hosting or other kroomst. The emails usually come from legit places, usually hotels. Does this mean they are sending bad emails, i.e. they have a Trojan/worm, or is this a live hack attempt?. I believe the later, as I might get upto 3 domains from the one ip address, which is always, NOT associated with the listed domain. Not causing me any issues, except I have been getting a lot recently.
One of our clients uses a mobile client, which "helo"s with a non-resolvable hostname (which contains the correct IPv4 address in the name but does not resolve). I'd like to be able to config PERMIT "joeblow@mydomain" when the helo-names "*.mobilepool.carrier.net". Can anybody give me a hint how to do this, if it is even possible?Right now it just rejects based on not resolving the HELO name.
View 2 Replies View RelatedI'm trying to figure out how to access the local part and the domain part of an email address in postfix's main.cf. For example, myname@mydomain.net has myname as the local part and mydomain.net as the domain part.I get the whole email address with %s. I want to speed up the lookups by writing better database queries.I've had no luck finding this in the otherwise well documented postfix.
View 2 Replies View Relatedi am using openssh 5.2-p1, i want to restrict user "admin" to login to the server from a specific IP address, for this purpose i have tried the following blocks in sshd_config file.Following is the part of the sshd_config file which i have modified
#The following commands will only allow specific IP to login to ssh.
#AllowUsers admin user1 user2
#AllowGroups
# override default of no subsystems.Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory /home
AllowTCPForwarding no[code].....
i want to restrict admin user to login to the server only from 172.16.100.221 IP which can be done by using AllowUser line, but i dont want to use AllowUser line,
Is there a way of allowing only certain domain to send e-mails to certain specific e-mail address. I am using Sendmail, and I have an alias which translate to certain members of staff within my organization. I don't expect e-mails from outside our domain to be sent to this alias e-mail address.
View 1 Replies View RelatedI have a user who was getting constantly spammed so I deleted their email account but it's still coming in and trying to get delivered, how do drop all email for a specific email address?
View 4 Replies View RelatedWorking in a SW company. guys transfer their codes through email outside the company. mailserver running on postfix. Is there any method to filter mails according to contents of attachment not by file extension.
View 3 Replies View Relatedis there any HOWTO for configuring Webmin Postfix server with multiple postfix virtual hosts? Seems to be a tough challenge to set it up without any easy manual..
View 1 Replies View Relatedso i set out to change the default smtp port the server uses because my ISP blocks port 25 and i need the email to work in outlook. this morning i could receive email, but not send it. so i did some research and thought that i needed to edit the master.cf file in /etc/postfix/ by commenting out this line: smtp inet n - n - - smtpd -oand replace it with587 inet n - n - - smtpd (587 being the port i want to use)somewhere along the lines postfix server stopped running and now i cannot get it to start.if i try using SSH it crashes immediately and if i restart it in simple control panel nothing happens
View 7 Replies View RelatedI recently moved over user from an old box running postfix(v 2.0.16) over to rhel 6 running postfix (v mail_version = 2.6.6). ive tried to make sure all the files are of correct permissions and that the main.cf file is configured corectly. However there is something wrong as when i run postfix: service postfix server i get no error but when checking the status:service postfix status i get: master dead but pid file exists Looking into /var/log/mailog i find this line being the issue:
Feb 25 16:24:39 puny1 postfix/master[3517]: fatal: fifo_listen: create fifo public/pickup: Permission denied
I gather this is a file permission issue and ive tried to make sure the public folder in /var/spool/postfix is correctly set but still no avail.
I want to deny access to my server by PC's from other sub LAN on my company, so I will add the lines ALL: xxx.xx.xx. to hosts.allow and ALL: ALL to hosts.deny?
VampirD
Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
[Code].....
I can't seem to set this older server right to deny outside access while I build a website on it. What I am trying to accomplish is deny anyone outside of my network access to the website, but replace the 403 error with a temp page letting them know it is coming soon. I have googled for hours and everything I have tried just denies me as well. Seems to be all or nothing.
My last attempt was:
Code:
<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias mydomain.com
ServerAdmin me@mydomain.com
DocumentRoot /home/me/www/site
ErrorDocument 403 /temp.htm
<Directory />
Options FollowSymLinks -Indexes Multiviews
AllowOverride None
Order Deny,Allow
Allow from 192.168.0.*
Deny from all
</Directory>
</VirtualHost>
I'm trying to use Squid to restrict web access on the computers of my LAN. All of the computers are using static IP address and we use our firewall to deny all HTTP access except for the proxy machine so everyone needs to go through the proxy to access the web.
Most of of the computers have access to websites that are listed on a white list that I called "goodsites". I have a range of IP address that I listed in a file called "super_users". These IP adresses are able to access everything except sites that I have put in a black list called "badsites".
I would like to restrict the use of audio/video streaming for all the IP adresses including the super_users. So far I have been able to effectively block streaming for all the IP addresses except the super_users that are able to bypass this restriction.
Here is the transcript of my squid.conf file:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
[Code]....
I have a squid3 on a debian lenny box but cannot get access to any site.
If i remove the http_access deny all works, but i just want those ip to get access to squid
My squid.conf
Code:
intranet:/etc/squid3# cat squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl all src 0.0.0.0/0
[Code].....
how to block a specific MAC address
View 2 Replies View RelatedSomething strange with my firewall i used firestarter I dont know why i cannot ping outside on a specific IP address here is my setup. I have IP from ISP
119.92.56.77 - eth0
192.168.50.1 - eth1
with DHCP features from 192.168.50.1 - 254. my problem is i cannot ping this specific IP address which is 119.93.232.234 if you can try there and pinging is ok but here cannot because that IP address (119.93.232.234) they used that to connect to our openvpn which is the IP is 119.92.56.78 <---- this system linux(centos) or IP has no firewall enabled. meaning i separeted this connection. which my setup is like this for OPenVPN
[code]...
I'm trying to configure our mail server to block email from a specific sender reaching a specific recipient. In other words, if one of our employees is getting harassed by a 'stalker', how would one go about blocking, at the MTA (Sendmail) level, a specific sender email address from reaching a particular users inbox? We do not want to capture the email - simply block it before it consumes server resources.The Sendmail server (MTA) is a front end to our Exchange server so no user accounts exist on the Linux server. We simply use it as a SPAM and Virus scanner then forward clean email to the Exchange server.
View 6 Replies View Relatedtell postfix to send email sent to one email address to another email address. What I really need to do is tell postfix that every email sent to [URL] and [URL] be sent to [URL] I tried transport maps like this: [URL] but that did not work. I then tried canonical maps like this:
recipient_canonical file:
/^((dbsupport|helpdesk).*)thisdomain[.]com$/ admins@thatdomain.com
sender_canonical file:
/^(.*@).*thisdomain[.]com$/ ${1}thatdomain.com
but it did not work either. I am really exhausted and I need to find a solution for this one since it is my boss asking me to get this working. This is what if in /var/log/mail in box1:
Dec 28 16:10:25 box1 postfix/pickup[19291]: 54D258F726: uid=0 from=<root>
Dec 28 16:10:25 box1 postfix/cleanup[23489]: 54D258F726: message-id=<4D1A5241.mailIBZ11LRR6@box1.thisdomain.com>
[code]....
There is a mail server formed by debian4 + postfix 2.3.8 . Some messages aren't received or take too loong to be received. Here is a example or error in mail.log:
Code:
Mar 24 10:30:42 myserver postfix/smtpd[7467]: NOQUEUE: reject: RCPT from n7b.bullet.mail.re1.yahoo.com[69.147.103.218]: 450 4.1.7 <sentto-733423426-11-134235567-myname=mydomain.com@returns.groups.yahoo.com>: Sender address rejected: unverified address: Address verification in progress; from=<sentto-733423426-11-134235567-myname=mydomain.com@returns.groups.yahoo.com> to=<myname@mydomain.com> proto=SMTP helo=<n7b.bullet.mail.re1.yahoo.com>
[Code]...
i have problem with my configuration iptables, i have configured for transparent like this,
for masquerade -> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
for transparent -> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
how to make a rule if there 1 address i dont want to redirect to port 3128? in other words 1 specific address just run on port 80.
I have my firewall setup so that only specific subnets/IP addresses can access the system. My issue is that I have remote user/laptop who needs to access the system, but is constantly on a different subnet/dhcp IP address. Is there configuration for iptables where I can enter the mac address of the laptop to allow access to the system and not specify a subnet or IP address?
View 3 Replies View RelatedI have vps box with debian. I have two ip addresses, but first (default) is currently unavailable. In that case there is many problem. Fortunately wget has --bind-address option so I can download. My question is how can i configure apt-get, aptitude to use specific address?
View 1 Replies View Related