Re: Restrict external hosts

From: Vernon A. Fort (no email)
Date: Mon Mar 02 2009 - 17:58:43 EST

  • Next message: MacShane, Tracy: "RE: mysql lookup errors"

    Noel Jones wrote:
    > Vernon A. Fort wrote:
    >> I have a setup which we use an external mail filtering service and
    >> need to limit/restrict external client access. Meaning the MX for
    >> the domain points to the filtering service and they relay checked
    >> email. I need to limit access to just these network blocks but also
    >> allow sasl authenticated as well as the internal network.
    >> I also do not want to blindly trust this service so i would like to
    >> check the IP address as well as ensuring the recipient is for my domain.
    >> can someone point me to an example or man page. I cannot seem to
    >> find anything related to limiting inbound smtp clients/servers.
    >> Vernon
    > Minimal config:
    > #
    > # do not include filter service IPs in mynetworks
    > mynetworks = ...
    > smtpd_recipient_restrictions =
    > permit_sasl_authenticated
    > permit_mynetworks
    > reject_unauth_destination
    > check_client_access cidr:/etc/postfix/filter_service
    > reject
    > # filter_service
    > OK
    > ... other cidr ranges filter service uses ...
    > -- Noel Jones
    Hey Noel,
      What i have now under the smtpd_*_restrictions:

    smtpd_sender_restrictions =
    smtpd_client_restrictions =
    smtpd_etrn_restrictions = reject
    smtpd_recipient_restrictions =
           check_helo_access .....
           check_sender_access ...
           check_client_access (for white listing client sites - just in
    case they get rbl listed)
           reject_rbl_client ....
    smtpd_data_restrictions =

    What i 'thinking' of is:

    smtpd_sender_restrictions =
    smtpd_client_restrictions =
           check_client_access cidr:/etc/postfix/filter_service.cidr,

    The filter_service.cidr would look like OK OK REJECT

    Would it be redundant to have the permit_sasl and permit_mynetworks
    under both the smtpd_client and smtpd_recipient?



  • Next message: MacShane, Tracy: "RE: mysql lookup errors"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD