Ubuntu Servers :: Postfix Per User Smtpd Restrictions?
Feb 15, 2010
Been trying for some time to get Postfix to not allow some internal users to send email externally. I have found some good resources online but none of them work. The user is still able to send email internally and externally.
I used the following web pages to assist me... [URL]
Below is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
I have searched other post on here and they appear to be relevant but when I enter in the exact same commands it denies relay access to everyone. I have also used the postmap command to refresh the database.
Below is my main.cf # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname.
I seem to be able to install / configure Postfix server in 10 minutes as an MTA for a single domain but my struggle is really understanding the maps / restrictions which even after reading "The Book of Postfix" is not very clear to me:
My question is between those commonly used three maps above, what are the difference between them and how do I know when to use one over the other? Can someone clearly explain them to me? Here's what I have in my 'main.cf' but honestly I couldn't tell you if they're correct or now:
make install then i got this error: postfix: fatal: chdir(/usr/libexec/postfix): No such file or directory make: *** [install] Error 1 I don't understand why it's checking the usr/libexec folder for the daemons although I've set the folder to /opt/product/postfix-2.6.5/libexec in the makefile. Here is also the cat of my makedefs.out:
I'm configuring a server but at this time I can't send mail. I tried using the PHP mail() function and it didn't work. Webmin says I have no mail configured. I'll be the only user and mail recipient. I've used Squirrelmail and Roundcube before and liked them.
Do I need to install Postfix in order to user Squirrelmail or Roundcube? How should I set up mail?
Here's my setup:
10.04 LTS Server edition Webmin 1.520 Apache 2.x MySQL 5.x PHP 5.x
I configured my server to have the virtual mail authenticated and stored through mysql DB.Now the authentication works, but then I got the dreaded -ERR chdir error.After research and testing for ohurs I finally got it working on ONE account after I created the maildir with maildirmake.Now I am able to login and "list" messages, but nothing else. When I use postfixadmin to setup a new user, the maildir does not get created so I have the same problem.I'm trying to troubleshoot what is happening.Here are the relevant config files:
I have a user that has already used up a demo 24hr trial on my website. At present, I only check the customer id and the IP address to search for duplicates. On the whole this works but it's not foolproof. We now have 1 user from China that is changing their IP address everyday to get access to the free trial. Any options on what to do? I thought of downloading a cookie to their computer that the website could pick up - again not foolproff but most people don't disable cookies. Any other options?
I could ban China temporarily until the user gives up but if they find another proxy to chain then their IP address will be different again.
I've got Ubuntu server 10.04 set up and I wanted to make a few restrictions. It's pretty much just acting as a VMware server at the moment, and there are some users I've created who I only want to be able to be able to log into the VMware infrastructure web interface. I want to make sure these users can't log in via SSH, FTP, or the console itself. I understand how to block them from logging in via SSH by using DenyUsers, and I added these users to the /etc/ftpusers file to lock them out of FTP, but how can I block them from logging in at the console itself?
I tried locking the user out by editing the /etc/passwd file, but the problem is that by doing this, it also prevents the user from being able to log into the VMware web interface.
The user's entry in /etc/passwd looks like this: bsmith:*:1005:1005:Bob Smith,,,:/home/bsmith:/bin/bash
How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?
I have the task to set up a machine for users working with sensitive data that should not be leaving the machine where it is processed. This means disabling access to the ethernet device, lan, all other ports as mentioned earlier, and any other way of leaking the data.
In Mac OSX this was achieved using "Parental controls" from the System preferences; this even allows a selection of the applications that can be used. Under XP, Device Manager offers the option to click various devices and "Disable" them, which worked so far just fine. Some will point out that the latter mentioned OS may be easy to circumvent the security of in other ways, but that has been mitigated with other measures and it's not the point anyway. For the operator users in question, the aforementioned measure proved successful and worked.Using OSX and XP to do this was a 10-15 minutes job with testing included.
So far all guides and tutorials pointed to useradd, groups an facl, but in actual practical terms did not help at all, in fact most of the research did not render any practical results so far. I surely don't expect to point and click, and would gladly run a set of commands from CLI. If I had them. I would really would like to achieve the same restricted user account configuration in a concise, comprehensive and practical manner under Linux too. Preferably tested on humans before, and known to be workign, of course. The machines that need to be set up are two laptops running Ubuntu. So how can this be accomplished in Linux?
I'm looking into migrating postfix mailboxes and users from an old machine running Fedora5 to a new machine running cenOS. I was wondering, what would be the procedure to migrating over existing postfix mail to the new machine? Is it as simple as copying over /home directories and /etc/passwd etc?
I have an issue in my organisation that a particular user X's mail not able to forward from my linux server MTA postfix to my second windows exchange (HUB)mail server. We use linux mail server as SMTP Gateway we have implemented fetchmail for doing this job. and its MTA is postfix OS is SUSE. Rest users mail are able to come in exchange HUB server via linux mail server. When I see that purticular user X mail in linux I am able see its spool file in /var/spool/mail and also via mail or mutt command. My question is why postix not able to forward that user X mail to our exchange HUB server.
I have this strange error - I switched from postfix 2.6.5 to 2.8.2 and I some mailservers cannot send mail to me. One of them was some sendmail server. I have virtual alias maps in mysql. It works fine for almost all server that are sending mail to me, but some of them seems to send mails as user@FQDN instead of user@virtualdomain my machine name is x49.tvujweb.cz, and mz email is firstname.lastname@example.org but in server logs is that user email@example.com cannot be found in virtual alias maps.
I've tried to configure the mail service in RHEL6 but seems both sendmail and postfix can't use local user located in /etc/passwd.
Like, user Tommy and Jake they got User Unknow from maillog Tommy:x:506:507::/home/Tommy:/bin/bash Jake:x:507:508::/home/Jake:/bin/bash But IF I use users' home folder not located in /home then it can go throught.mailuser2:x:513:514::/rhome/mailuser/mailuser2:/bin/bash mailuser3:x:514:515::/rhome/mailuser/mailuser3:/bin/bash
so the emails no matter which domain receives the email trscookie always will receive the email.
However I am unable to work out how to 'reverse' this process, for example.
If i was to go to secondserver.com/webmail I would like the emails to get sent from firstname.lastname@example.org however they are currently all coming from serverone.com. Is it possible to configure this so that it is sent from the correct domain?
why no matter what email I send to a user I get this error relay1 postfix/local: 75941291D4: to=<email@example.com>, relay=local, delay=0.14, delays=0.07/0.02/0/0.05, dsn=5.1.1, status=bounced (unknown user: "username")
I have a RHEL 4.5 with Postfix 2.2.10 configured as a smart host for an Exchange 2003 server. Its been running well for three years like this. We have some users that are configured with alternate SMTP addresses for a secondary email domain in Exchange. One user is not getting his email for the secondary SMTP. All the others are. After some digging, the maillog indicates Postfix is not relaying his email to Exchange but to the Postfix local mail folder under /var/spool/mail. What in the configuration would cause this? His email is in the relay_recipients file as the others are.
I have a postfix server running on a virtual machine hosted by vpslink.com. I have followed the following configuration guide to install the system with dovecot, sasl smtpd authentication, and postfix as an mta: [URL](I know it says it's a debian configuration, but it seemed legitimate that I could follow it). Anyway, in sending email from my primary email account, I have found that roughly 1/2 of the messages are delivered, and 1/2 of them are rejected with a message similar to the following:
I can't seem to reinstall Postfix. I followed a guide and couldn't get it to work. After I retried a few times I gave up and deleted all files and folders I could find related to Postfix. Well I realized what the issue was and now that I want to try reinstalling Postfix it won't allow me.
When I type:
Code: sudo apt-get install postfix Reading package lists... Done Building dependency tree Reading state information... Done postfix is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded. 1 not fully installed or removed.
I have been following the guide atand it has all worked perfectly and as expected, except for when it says to run "telnet localhost 25". Instead of getting an ip address displayed as I have seen it is supposed to, it just out puts this."Trying 127.0.0.1...Connected to localhost.localdomain.Escape character is '^]'.Connection closed by foreign host."
Im trying to limit the diskspace users on the system may consume, and i found quotas (im a total linux noob). But when i try to set it, no matter what i set it to the maximus is 2 GB. Now... i need quite a lot more than that. One user should be able to use 1900 GB and the other 600 GB. How can i fix this? Im using ubuntu server 10.04.
I have a mail server taking care of mail for my 4 domains; the first is used for virtually all mail, the second rarely used anymore, the third is virtually 100% spam the past year(?), and the fourth isn't in use (and never has been, so no spam). What I'd like to do is to reject all mail to the third domain. Right now this is what I get (I tried to send to a nonexistent address from gmail):
Since my username (xyz@) is the same for all domains, I could (or so I hope) change the reject message to give a hint to replace [URL] with [URL] and try again.