From: mouss (no email)
Date: Thu Sep 15 2005 - 16:11:53 EDT
Scott Sharkey wrote:
> Hello All,
>
> I'm trying to set up a server that only accepts mail from a very small,
> select list of sites. I have set up an access file, and am using
> the following:
>
> smtpd_recipient_restrictions =
> permit_mynetworks,
> check_client_access: hash:/etc/postfix/pop-before-smtp,
> check_client_access: hash:/etc/postfix/access,
> reject_unauth_pipelining,
> reject_invalid_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_non_fqdn_hostname,
> reject_unauth_destination,
> permit
>
> Access contains:
> ip.site1.com OK
> ip.site2.com OK
> ip.site3.com OK
you are allowing these sites to relay mail through you (the check comes
before reject_unauth_destination).
>
> So, how do I tell "access" to deny everyone else? Is there a * REJECT?
smtpd_recipient_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/pop-before-smtp,
    check_client_access hash:/etc/postfix/access,
    reject
would do. but are you sure you want to refuse mail from all but selected
networks? if this box is your MX, you should accept mail from all but
selected networks. otherwise, how would people reply to your users?
Note that mail to <postmaster> is whitelisted and will still be accepted
(as is mail to the address used in address verification probes).
>
> Would that interfere with anything else? I don't think I need all the
> other stuff if I had the above, because the access file would pretty
> much define who can connect, and everyone else would be rejected, right?
see above. many people will blocklist you if you block them without
reason. so you'll end up building a "private team space"...
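
Added example (not part of the original message): a small Python model of Postfix's first-match evaluation of smtpd_recipient_restrictions, run over the lists discussed above to show which client/recipient pairs each one accepts. The domain example.org, the client unknown.host.test, and the third list (reject_unauth_destination placed before the access lookup) are assumptions made for illustration; the pop-before-smtp lookup and the postmaster exception are not modelled.

```python
# Constructed sample values: none of these come from a real server.
LOCAL_DOMAINS = {"example.org"}      # assumed: domains this box is final destination for
MYNETWORKS = {"127.0.0.1"}           # assumed mynetworks
ACCESS = {"ip.site1.com": "OK"}      # one entry of the access table from the thread

def evaluate(restrictions, client, rcpt):
    """Walk the list in order; the first restriction that decides wins."""
    rcpt_domain = rcpt.rsplit("@", 1)[-1].lower()
    for r in restrictions:
        if r == "permit_mynetworks" and client in MYNETWORKS:
            return "permit", r
        if r == "check_client_access":
            action = ACCESS.get(client)
            if action == "OK":
                return "permit", r       # OK ends evaluation: later rejects never run
            if action == "REJECT":
                return "reject", r
        if r == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "reject", r
        if r in ("permit", "reject"):
            return r, r
    return "permit", "(end of list)"

# The question's list, reduced to the restrictions modelled here.
ORIGINAL = ["permit_mynetworks", "check_client_access",
            "reject_unauth_destination", "permit"]
# The list suggested in the reply.
SUGGESTED = ["permit_mynetworks", "check_client_access", "reject"]
# Assumed variant: same allowlist, but the relay check runs before the lookup.
REORDERED = ["permit_mynetworks", "reject_unauth_destination",
             "check_client_access", "reject"]

def report():
    """Decision for each list over constructed client/recipient pairs."""
    cases = [("ip.site1.com", "user@elsewhere.test"),     # listed client, relay attempt
             ("ip.site1.com", "user@example.org"),        # listed client, local delivery
             ("unknown.host.test", "user@example.org")]   # unlisted client, local delivery
    lists = {"original": ORIGINAL, "suggested": SUGGESTED, "reordered": REORDERED}
    return {(name, c, r): evaluate(rs, c, r)
            for name, rs in lists.items() for c, r in cases}

if __name__ == "__main__":
    for key, decision in report().items():
        print(key, "->", decision)
```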