From: Chuck Amadi (no email)
Date: Thu Mar 01 2007 - 05:51:51 EST
Hi
I am sorry you have lost me.
Your mail servers that act as relays should point to your mail relay
server and within the main.cf on the mail relay server add "!"
exclamation marks to suit.
Those that are allowed just add ip address within the mynetworks
directive. There is also another tool you can use called nullmailer as a
simple and secure mail programme. The aim is to have a command line
program sendmail as the only way to send mail, good for web servers, thus
you can tighten things up.
So only root can send mail and only to your mail relay server. There was a
post on postfix mailing list recommending this program.
Blurb
Nullmailer is a sendmail/qmail/etc replacement MTA for hosts which relay
to a fixed set of smart relays. It is designed to be simple to
configure, secure, and easily extendable.
http://freshmeat.net/projects/nullmailer/
Cheers
Chuck Amadi wrote:
> Hi Eray Aslan
>
> Just adding my 50 cents that is what we had implemented to aid domains
> that you don't want relay mail to add "!" mark before the ip address
> using the mynetworks directive as below.
>
> # Contains "!" entries for clients we do not want to relay through
> # here even though they are our clients.
> # So add "!" before the ip address of your server in question.
> mynetworks = www.xxx.www.zzz, !aaa.bbb.ccc.ddd
>
> It's clean and simple
>
> Ta
>
> Chuck
>
>
> wrote:
>> Jan P. Kessler wrote:
>>
>>>> I've bought the O'Reilly book about Postfix and I see that I can
>>>> create
>>>> my own restriction classes.
>>>> My question is the following: can I use this to choose which computer
>>>> are allowed to use my relay server to send mail to Internet and which
>>>> are not ?
>>>>
>>> You can BUT you don't need that nuclear rocket to kill some sparrows ;)
>>> Just set your mynetworks correctly:
>>>
>>> mynetworks = 192.168.1.0/24, !192.168.1.2, !192.168.1.3
>>> smtpd_recipient_restrictions = permit_mynetworks
>>>     reject_unauth_destination
>>>
>>> This allows relaying to 192.168.1/24 but not for .2 and .3. If the list
>>> grows you can put that information into files (I'd suggest "cidr" type
>>> dbs).
>>>
>>
>> From postconf(5) regarding mynetworks:
>>
>> [...]
>> The list is matched left to right, and the search stops on the first
>> match.
>> [...]
>>
>> You need to reverse the order. !192.168.1.2/32 192.168.1.0/24
>>
>>
>
>
--
Chuck Amadi
ROK Corporation Limited
Ty ROK, Dyffryn Business Park, Llantwit Major Road, Llandow, Vale Of Glamorgan. CF71 7PY
Tel: 01446 795 839
Fax: 01446 794 994
International Tel: +44 1446 795 839
email:
This email is confidential to the addressee only. If you do not believe that you are the intended recipient, do not pass it on or copy it in any way. Please delete it immediately.
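
The ordering point from the postconf(5) excerpt quoted in this thread, as an added example that is not part of the original messages and is not Postfix code. It is a simplified model that assumes literal IPv4 addresses and CIDR blocks only (no files or lookup tables); the function names are hypothetical.

```python
import ipaddress

# Values taken from the thread; the reordered one follows the reply's advice.
AS_POSTED = "192.168.1.0/24, !192.168.1.2, !192.168.1.3"
REORDERED = "!192.168.1.2, !192.168.1.3, 192.168.1.0/24"


def parse_patterns(value):
    """Split a mynetworks-style value into (negated, network) pairs."""
    patterns = []
    for token in value.replace(",", " ").split():
        negated = token.startswith("!")
        net = ipaddress.ip_network(token.lstrip("!"), strict=False)
        patterns.append((negated, net))
    return patterns


def in_mynetworks(client_ip, value):
    """Left to right, stop on the first match; "!" makes that match a 'no'."""
    addr = ipaddress.ip_address(client_ip)
    for negated, net in parse_patterns(value):
        if addr in net:
            return not negated
    return False  # no pattern matched: not a trusted client


def shadowed_exclusions(value):
    """Return "!" entries that can never match first because an earlier
    positive entry already covers them (a lint for misordered lists)."""
    positives, shadowed = [], []
    for negated, net in parse_patterns(value):
        if not negated:
            positives.append(net)
        elif any(p.version == net.version and net.subnet_of(p)
                 for p in positives):
            shadowed.append("!" + str(net))
    return shadowed


if __name__ == "__main__":
    for label, value in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, "-> .2 trusted:", in_mynetworks("192.168.1.2", value),
              "| shadowed:", shadowed_exclusions(value))
```
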