Re: ACCESS Controls?

From: mouss (no email)
Date: Thu Sep 15 2005 - 16:11:53 EDT

  • Next message: Lars: "<closed> Mail Bounces"

    Scott Sharkey a écrit :

    > Hello All,
    > I'm trying to set up a server that only accepts mail from a very small,
    > select list of sites. I have set up an access file, and am using
    > the following:
    > smtpd_recipient_restrictions =
    > permit_mynetworks,
    > check_client_access: hash:/etc/postfix/pop-before-smtp,
    > check_client_access: hash:/etc/postfix/access,
    > reject_unauth_pipelining,
    > reject_invalid_hostname,
    > reject_non_fqdn_sender,
    > reject_non_fqdn_recipient,
    > reject_unknown_sender_domain,
    > reject_unknown_recipient_domain,
    > reject_non_fqdn_hostname,
    > reject_unauth_destination,
    > permit
    > Access contains:
    > OK
    > OK
    > OK

    you are allowing these sites to relay mail through you (the cehck comes
    before reject_unauth_destination).

    > So, how do I tell "access" to deny everyone else? Is there a * REJECT?

    smtpd_recipient_restrictions =
        check_client_access: hash:/etc/postfix/pop-before-smtp,
        check_client_access: hash:/etc/postfix/access,

    would do. but are you sure you want to refuse mail from all but selected
    networks? if this box is your MX, you should accept mail from all but
    selected networks. otherwise, how would people reply to your users.

    Note that mail to <postmaster> is whitelisted and will still be accepted
    (as is mail to the address used in address verification probes).

    > Would that interfere with anything else? I don't think I need all the
    > other stuff if I had the above, because the access file would pretty
    > much define who can connect, and everyone else would be rejected, right?

    see above. many people will blocklist you if you block them without
    reason. so you'll end up building a "private team space"...

  • Next message: Lars: "<closed> Mail Bounces"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD