Results 1 to 3 of 3

Thread: Does reject_unknown_client in Web Admin work correctly ?

  1. #1
    markd is offline Intermediate Member
    Join Date
    Jul 2009
    Posts
    16
    Rep Power
    6

    Default Does reject_unknown_client in Web Admin work correctly ?

    Using Release 7.1.4_GA_2555.F11_20120105094332 F11 FOSS

    In the web admin page for MTA under Global settings there are DNS options.
    When I check the box for reject_unknown_client it doesn't create
    the behavior I am expecting. I can see it zmprov, and postfix_recipient_restrictions.cf BUT it doesn't show up in main.cf.

    If I add the following,
    zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"

    restart etc, it works and I can see main.cf, zmprov with setting.

    It seems like the short version doesn't get created in postfix main.cf.

    --------------------------------------------------------------
    zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_client
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_unknown_client_hostname

    and in cat postfix_recipient_restrictions.cf
    %%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:127.0.0.1:10031%%
    reject_non_fqdn_recipient
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unlisted_recipient
    %%contains VAR:zimbraMtaRestriction reject_invalid_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_client_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
    %%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%
    %%contains VAR:zimbraMtaRestriction reject_rbl_client bl.spamcom.net%%
    %%contains VAR:zimbraMtaRestriction reject_rbl_client cbl.abuseat.org%%
    %%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
    %%contains VAR:zimbraMtaRestriction check_policy_service unixrivate/policy%%
    permit

    main.cf
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_client_hostname, reject_unknown_sender_domain, permit

  2. #2
    LMStone's Avatar
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,368
    Rep Power
    10

    Default

    Quote Originally Posted by markd View Post
    Using Release 7.1.4_GA_2555.F11_20120105094332 F11 FOSS

    In the web admin page for MTA under Global settings there are DNS options.
    When I check the box for reject_unknown_client it doesn't create
    the behavior I am expecting. I can see it zmprov, and postfix_recipient_restrictions.cf BUT it doesn't show up in main.cf.

    If I add the following,
    zmprov mcf +zimbraMtaRestriction "reject_unknown_client_hostname"

    restart etc, it works and I can see main.cf, zmprov with setting.

    It seems like the short version doesn't get created in postfix main.cf.

    --------------------------------------------------------------
    zmprov gacf | grep zimbraMtaRestriction
    zimbraMtaRestriction: reject_non_fqdn_hostname
    zimbraMtaRestriction: reject_non_fqdn_sender
    zimbraMtaRestriction: reject_unknown_client
    zimbraMtaRestriction: reject_unknown_sender_domain
    zimbraMtaRestriction: reject_unknown_client_hostname

    and in cat postfix_recipient_restrictions.cf
    %%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:127.0.0.1:10031%%
    reject_non_fqdn_recipient
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unlisted_recipient
    %%contains VAR:zimbraMtaRestriction reject_invalid_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_client_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_helo_hostname%%
    %%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
    %%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%
    %%contains VAR:zimbraMtaRestriction reject_rbl_client bl.spamcom.net%%
    %%contains VAR:zimbraMtaRestriction reject_rbl_client cbl.abuseat.org%%
    %%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
    %%contains VAR:zimbraMtaRestriction check_policy_service unixrivate/policy%%
    permit

    main.cf
    smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_non_fqdn_sender, reject_unknown_client_hostname, reject_unknown_sender_domain, permit
    I'd say you found a bug in the Admin Console.

    Postfix Configuration Parameters

    Basically, reject_unknown_client doesn't exist any more in Postfix; it has been broken up into two different settings to provide a little more granularity of control. I expect the scripts behind the Admin Console haven't been updated.

    Please file a bug, quote this forum post, and I'll be happy to vote for it.

    Hope that helps,
    Mark

  3. #3
    markd is offline Intermediate Member
    Join Date
    Jul 2009
    Posts
    16
    Rep Power
    6

    Default

    Thanks for confirming what I was thinking. I haven't had time to file the bug yet.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Backups Disappear from Zimbra Admin Web Console
    By eatickets in forum Administrators
    Replies: 0
    Last Post: 12-13-2011, 12:01 PM
  2. Replies: 23
    Last Post: 05-06-2008, 02:24 PM
  3. Problem logging in from web admin console.
    By joeleo in forum Installation
    Replies: 2
    Last Post: 02-15-2008, 07:32 AM
  4. Silly mistake -- now cant log into admin console
    By animasana in forum Administrators
    Replies: 10
    Last Post: 07-05-2007, 04:00 AM
  5. Replies: 4
    Last Post: 01-18-2006, 11:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •