Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

check_sender_access map seems to be ignored

Status
Not open for further replies.

Albert25

ISP
Mar 24, 2016
2
CH
I have

[pre]smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_sender_access pcre:/etc/postfix/sender_access.pcre,
check_recipient_access hash:/etc/postfix/recipient_access,
[/pre]

but the check_sender_access map seems to be ignored, and I cannot understand why.

For example, I have this line in the file:

[tt]/^[A-Z][a-z]{2,}[A-Z][a-z]{2,}\d\d+@/i REJECT You look like spam bot 1[/tt]

The test with a sender address that was accepted seems to show it should have been rejected:

[pre]postmap -q "HoldenAlejandra43@jmcwealth.com" pcre:/etc/postfix/sender_access.pcre
REJECT You look like spam bot 1
[/pre]

What am I doing wrong?

Below is my full (slightly edited) postconf -n output.

Thanks for your help

[pre]alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 4h
home_mailbox = Maildir/
inet_interfaces = all
local_recipient_maps = unix:passwd.byname, $alias_maps
mailbox_size_limit = 0
message_size_limit = 20480000
milter_connect_macros = j {daemon_name} v {if_name} _
milter_default_action = accept
mydestination = mail.example.com, localhost.example.com, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 my.ip.add.ress/26
myorigin = /etc/mailname
non_smtpd_milters = unix:/opendkim/opendkim.sock
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_error_sleep_time = 5s
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_milters = unix:/opendkim/opendkim.sock
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_sender_access pcre:/etc/postfix/sender_access.pcre, check_recipient_access hash:/etc/postfix/recipient_access,
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/MyCA.pem
smtpd_tls_cert_file = /etc/ssl/MyCert.pem
smtpd_tls_key_file = /etc/ssl/private/MyCert.key
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = regexp:/etc/postfix/virtual.regex
[/pre]

 
It looks like the sender address is converted to lower case before the lookup.
So apparently, it is not possible to match upper case characters in a pcre lookup
(which also makes the /i flag quite useless and misleading)

Debug output shows the "problem" :

[pre]Mar 24 14:42:50 pe2 postfix/smtpd[28637]: >>> START Sender address RESTRICTIONS <<<
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: generic_checks: name=check_sender_access
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: check_mail_access: SomeUser1234@somedomain.tld
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: ctable_locate: move existing entry key SomeUser1234@somedomain.tld
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: check_access: someuser1234@somedomain.tld
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: dict_pcre_lookup: /etc/postfix/sender_access.pcre: someuser1234@somedomain.tld
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: check_domain_access: somedomain.tld
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: check_access: someuser1234@
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: generic_checks: name=check_sender_access status=0
Mar 24 14:42:50 pe2 postfix/smtpd[28637]: >>> END Sender address RESTRICTIONS <<<
[/pre]

Is there any way to prevent this case folding to happen?

I have postfix version 2.9.6 (in Debian Jessie).

Thanks.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top