From: Wietse Venema (no email)
Date: Fri May 04 2007 - 10:47:24 EDT
Anna Hegedus:
> Duane Hill wrote:
> > On Fri, 4 May 2007, Wietse Venema wrote:
> >
> >> Anna Hegedus:
> >>> May 4 07:21:58 iora4 postfix/smtp[13375]: 6DA6610B8A2:
> >>> to=<>, relay=none, delay=4.3, delays=0.05/0/4.2/0,
> >>> dsn=5.4.6, status=bounced (mail for usreseller.com loops back to
> >>> myself)
> >>
> >> This may come as a surprise to you, but on the internet,
> >> mail routing is specified with MX records.
> >>
> >> dig mx usreseller.com. says:
> >>
> >> usreseller.com. 3600 IN MX 10 localhost.fabulous.com.
> >>
> >> dig a localhost.fabulous.com. says:
> >>
> >> localhost.fabulous.com. 3538 IN A 127.0.0.1
> >>
> >> If you don't want to accept such junk, use check_sender_mx_access
> >> to block mail from senders whose MX host is in a bogus network.
> >>
> >> /etc/postfix/main.cf:
> >>     smtpd_sender_restrictions =
> >>         check_sender_mx_access pcre:/etc/postfix/sender_mx_access
> >
> > Shouldn't pcre be cidr?

Yes.

> >> /etc/postfix/sender_mx_access
> >>     127.0.0.0/8 reject MX in loopback network
> >>     10.0.0.0/8 reject MX in non-routable network
> >>
> >> Wietse
> >>
> >
> >
> I don't know if I can do that. According to postconf -m, this is what
> the old server supports:
>
> /etc/postfix# postconf -m
> static
> nis
> dbm
> regexp
> environ
> btree
> unix
> hash
>
> Can I make it with one of these tables, or do I have to install PCRE or
> CIDR support?

Instead of CIDR you can specify blocks by hand.

/etc/postfix/main.cf:
    smtpd_sender_restrictions =
        check_sender_mx_access hash:/etc/postfix/sender_mx_access

/etc/postfix/sender_mx_access
    127     reject MX in loopback network
    10      reject MX in private network
    192.168 reject MX in private network
    172.16  reject MX in private network
    172.17  reject MX in private network
    ...
    172.30  reject MX in private network
    172.31  reject MX in private network

Will do it as well.

Wietse
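
The hand-written table in the message above covers 172.16 through 172.31 one line at a time. As an added example (not part of the original message and not Postfix code), this script generates the full list and checks addresses against it using the lookup order access(5) documents for non-CIDR tables, where least significant octets are stripped until a key matches. The function names and the sample addresses other than 127.0.0.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the hash-map form of the loopback/private blocks and
# check addresses against it the way access(5) describes for non-CIDR tables.

# Print one "key action" line per block: 127, 10, 192.168, 172.16 .. 172.31.
gen_sender_mx_access() {
    echo "127 reject MX in loopback network"
    echo "10 reject MX in private network"
    echo "192.168 reject MX in private network"
    i=16
    while [ "$i" -le 31 ]; do
        echo "172.$i reject MX in private network"
        i=$((i + 1))
    done
}

# Print the lookup keys for an IPv4 address, most specific first:
# a.b.c.d, a.b.c, a.b, a (least significant octets stripped one at a time).
lookup_keys() {
    key=$1
    while :; do
        echo "$key"
        case $key in
            *.*) key=${key%.*} ;;
            *)   break ;;
        esac
    done
}

# Print the action of the first matching key, or return 1 when none matches.
mx_action() {
    table=$(gen_sender_mx_access)
    for k in $(lookup_keys "$1"); do
        hit=$(printf '%s\n' "$table" | awk -v k="$k" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }')
        if [ -n "$hit" ]; then
            echo "$hit"
            return 0
        fi
    done
    return 1
}

# Constructed sample addresses; 127.0.0.1 is the A record shown in the thread.
for ip in 127.0.0.1 172.20.4.9 172.32.0.1 192.0.2.25; do
    printf '%-12s %s\n' "$ip" "$(mx_action "$ip" || echo "no match")"
done
```

To use the generated list, redirect the output of `gen_sender_mx_access` into /etc/postfix/sender_mx_access and run `postmap hash:/etc/postfix/sender_mx_access` so the hash: map named in main.cf exists.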