From: Vernon A. Fort (no email)
Date: Mon Mar 02 2009 - 17:58:43 EST
Noel Jones wrote:
> Vernon A. Fort wrote:
>> I have a setup which we use an external mail filtering service and
>> need to limit/restrict external client access. Meaning the MX for
>> the domain points to the filtering service and they relay checked
>> email. I need to limit access to just these network blocks but also
>> allow sasl authenticated as well as the internal network.
>> I also do not want to blindly trust this service so i would like to
>> check the IP address as well as ensuring the recipient is for my domain.
>> can someone point me to an example or man page. I cannot seem to
>> find anything related to limiting inbound smtp clients/servers.
> Minimal config:
> # main.cf
> # do not include filter service IPs in mynetworks
> mynetworks = 127.0.0.0/8 ...
> smtpd_recipient_restrictions =
> check_client_access cidr:/etc/postfix/filter_service
> # filter_service
> 126.96.36.199/24 OK
> ... other cidr ranges filter service uses ...
> -- Noel Jones
What i have now under the smtpd_*_restrictions:
smtpd_etrn_restrictions = reject
check_client_access (for white listing client sites - just in
case they get rbl listed)
What i 'thinking' of is:
The filter_service.cidr would look like
Would it be redundant to have the permit_sasl and permit_mynetworks
under both the smtpd_client and smtpd_recipient?