From: Mariusz Kiełpiński on
Hello


allow_mail_to_commands and allow_mail_to_files according to
http://www.postfix.org/postconf.5.html are global for all users. I have a
need to disallow processing of .forward for most users (default behavior);
however, some of them should still have the possibility of using a .forward
file. In other words, is it possible to block processing of the .forward
file for some users?

Regards,
Mariusz Kielpinski

From: Victor Duchovni on
On Tue, Jun 22, 2010 at 11:53:37AM +0200, Mariusz Kiełpiński wrote:

> allow_mail_to_commands and allow_mail_to_files according to
> http://www.postfix.org/postconf.5.html are global for all users. I have a
> need to disallow processing of .forward for most users (default behavior);
> however, some of them should still have the possibility of using a .forward
> file. In other words, is it possible to block processing of the .forward
> file for some users?

Yes, by using multiple copies of the local transport in master.cf, and
using transport_maps to route mail for selected users to an alternate
local transport, (with -o foo=bar overrides in master.cf).

local2 unix - n n - - local
  -o ...

--
Viktor.

From: Mariusz Kiełpiński on
Victor Duchovni wrote:
> On Tue, Jun 22, 2010 at 11:53:37AM +0200, Mariusz Kiełpiński wrote:
>
>> allow_mail_to_commands and allow_mail_to_files according to
>> http://www.postfix.org/postconf.5.html are global for all users. I have a
>> need to disallow processing of .forward for most users (default behavior);
>> however, some of them should still have the possibility of using a .forward
>> file. In other words, is it possible to block processing of the .forward
>> file for some users?
>
> Yes, by using multiple copies of the local transport in master.cf, and
> using transport_maps to route mail for selected users to an alternate
> local transport, (with -o foo=bar overrides in master.cf).
>
> local2 unix - n n - - local
>   -o ...
>
Ok. So I added in master.cf
local_no_forward unix - n n - - local
  -o allow_mail_to_commands=alias
  -o allow_mail_to_files=alias

I also created
transport_maps
/user@.*/ local_no_forward:

and postmap-ed it

To main.cf
I added
transport_maps = pcre:/etc/postfix/transport_maps

It seems that the map works because
DF82C8B2E8: to=<user@xxxxxxx>, relay=local_no_forward, delay=0.12,
delays=0.06/0.01/0/0.05, dsn=2.0.0, status=sent (forwarded as EFDC48B2E6)

However, the .forward file in the user's home directory still works.
What is wrong?

From: Victor Duchovni on
On Tue, Jun 22, 2010 at 06:04:37PM +0200, Mariusz Kiełpiński wrote:

> Victor Duchovni wrote:
> > On Tue, Jun 22, 2010 at 11:53:37AM +0200, Mariusz Kiełpiński wrote:
> >
> >> allow_mail_to_commands and allow_mail_to_files according to
> >> http://www.postfix.org/postconf.5.html are global for all users. I have a
> >> need to disallow processing of .forward for most users (default behavior);
> >> however, some of them should still have the possibility of using a .forward
> >> file. In other words, is it possible to block processing of the .forward
> >> file for some users?
> >
> > Yes, by using multiple copies of the local transport in master.cf, and
> > using transport_maps to route mail for selected users to an alternate
> > local transport, (with -o foo=bar overrides in master.cf).
> >
> > local2 unix - n n - - local
> >   -o ...
> >
> Ok. So I added in master.cf
> local_no_forward unix - n n - - local
>   -o allow_mail_to_commands=alias
>   -o allow_mail_to_files=alias
>
> I also created
> transport_maps
> /user@.*/ local_no_forward:
>
> and postmap-ed it

You don't postmap regexp tables. More importantly you are aliasing this
address local-part in all remote domains to be local. That's wrong.
You must list the local domains one by one in the transport table

user@a.example.com local_no_forward
user@b.example.com local_no_forward
user@c.example.com local_no_forward

and use a non-regexp transport table.

> To main.cf
> I added
> transport_maps = pcre:/etc/postfix/transport_maps
>
> It seems that the map works because
> DF82C8B2E8: to=<user@xxxxxxx>, relay=local_no_forward, delay=0.12,
> delays=0.06/0.01/0/0.05, dsn=2.0.0, status=sent (forwarded as EFDC48B2E6)
>
> However, the .forward file in the user's home directory still works.

The mail did not get piped to a command; it got forwarded to an address
listed in .forward. The "allow_mail_to..." settings disable command processing.

--
Viktor.
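
Added example (not part of the original messages, and not Postfix code): a Python model of the objection in the reply above. Regexp and pcre table patterns match anywhere in the lookup string, so /user@.*/ captures more than the one intended mailbox. The domains and recipients are constructed, and pcre_lookup, exact_lookup and audit are hypothetical helpers.

```python
import re

# Constructed sample data: domains this host delivers locally, and
# recipients that might be looked up in transport_maps.
LOCAL_DOMAINS = {"a.example.com", "b.example.com", "c.example.com"}
RECIPIENTS = [
    "user@a.example.com",       # the mailbox that should be restricted
    "user@remote.example.net",  # same local-part, remote domain
    "superuser@b.example.com",  # different local user, name ends in "user"
    "other@c.example.com",      # unrelated local user
]
RESTRICTED = "local_no_forward:"

def pcre_lookup(rules, rcpt):
    """First-match lookup as in a regexp/pcre table: unanchored, case-insensitive."""
    for pattern, result in rules:
        if re.search(pattern, rcpt, re.IGNORECASE):
            return result
    return None

def exact_lookup(table, rcpt):
    """Full-address key lookup in an indexed table. Simplified: the
    domain-only and wildcard keys of transport(5) are not modelled."""
    return table.get(rcpt.lower())

def audit(lookup, table):
    """Return recipients routed to the restricted transport by mistake."""
    wrong = []
    for rcpt in RECIPIENTS:
        local_part, domain = rcpt.rsplit("@", 1)
        intended = local_part == "user" and domain in LOCAL_DOMAINS
        if lookup(table, rcpt) == RESTRICTED and not intended:
            wrong.append(rcpt)
    return wrong

# The rule as posted in the thread, and the per-domain replacement.
REGEX_RULES = [(r"user@.*", RESTRICTED)]
EXACT_TABLE = {f"user@{d}": RESTRICTED for d in LOCAL_DOMAINS}

if __name__ == "__main__":
    print("regexp table misroutes:", audit(pcre_lookup, REGEX_RULES))
    print("exact table misroutes: ", audit(exact_lookup, EXACT_TABLE))
```

The regexp rule sends both the remote-domain address and the unrelated local user superuser to the restricted local transport; the per-domain exact table sends neither.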

From: Mariusz Kiełpiński on
Victor Duchovni wrote:

> You don't postmap regexp tables. More importantly you are aliasing this
> address local-part in all remote domains to be local. That's wrong.
> You must list the local domains one by one in the transport table
>
> user@a.example.com local_no_forward
> user@b.example.com local_no_forward
> user@c.example.com local_no_forward
>
> and use a non-regexp transport table.

>> It seems that the map works because
>> DF82C8B2E8: to=<user@xxxxxxx>, relay=local_no_forward, delay=0.12,
>> delays=0.06/0.01/0/0.05, dsn=2.0.0, status=sent (forwarded as
>> EFDC48B2E6)

Ok. I can see your point.
It was the configuration to test the idea. As you can see, the mail was
properly assigned to local_no_forward. You are right - in the final
configuration this transport map should be rewritten.

>> However, the .forward file in the user's home directory still works.
>
> The mail did not get piped to a command; it got forwarded to an address
> listed in .forward. The "allow_mail_to..." settings disable command processing.

That is the real problem. In that case, what option can be used to stop looking
into these files?


Regards,
Mariusz Kielpinski