NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2000-05

Subject: Re: postfix 19991231-pl06 allowing relaying :(
From: Lutz Jaenicke (Lutz.Jaenickeaet.TU-Cottbus.DE)
Date: Wed May 03 2000 - 14:59:41 CDT

Next message: Lutz Jaenicke: "Re: postfix 19991231-pl06 allowing relaying :("
Previous message: Jerry Thomas: "OFF-TOPIC: Apache Mailing Lists"
In reply to: sq01blade.ccs.yorku.ca: "Re: postfix 19991231-pl06 allowing relaying :("
Next in thread: Lutz Jaenicke: "Re: postfix 19991231-pl06 allowing relaying :("
Reply: Lutz Jaenicke: "Re: postfix 19991231-pl06 allowing relaying :("
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 03, 2000 at 03:37:47PM -0400, sq01blade.ccs.yorku.ca wrote:
> On May 3, 3:24pm, <sq01blade.ccs.yorku.ca> wrote:
> > I'd just installed postfix yesterday and realized that relaying from a
> local
> > host in our domain still works (see below). Can someone tell me how I can
> > configure postfix to accept relays from only certain hosts ? I'm been
> > experimenting with the config files without success :(

If I understand your question correctly, you want to allow relaying
only for listed hosts, not for all, even when they are local?!

No problem :-)
- Don't use permit_mynetworks, as this will allow access for all hosts
  in the same subnet. (Our university for some time had Cabletron SecureFast
  with the whole university being 1 (one) class B net seperated only by
  VLAN switches -> mynetworks would match the whole university if not
  explicitly adjusted!)
- Don't use yorku.ca as a mask for selection, since it might match the
  ...from trusted clients matching $relay_domains or subdomains thereof
  criterion. (I don't know, whether you are talking all of yorku.ca or
  only the ccs.yorku.ca subdomain, please adjust as appropriate.)
So use for example
  smtpd_recipient_restrictions =
        dbm:/etc/postfix/access,
        reject_maps_rbl,
        reject_unknown_sender_domain,
        reject_unauth_pipelining,
        check_relay_domains
then enter all hosts for which you allow outgoing/incoming mail into
relay_domains, those, for which you only want to relay outgoing mail,
come into the "access" database.

Best regards,
Lutz

-- 
Lutz Jaenicke                             Lutz.Jaenickeaet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153

Next message: Lutz Jaenicke: "Re: postfix 19991231-pl06 allowing relaying :("
Previous message: Jerry Thomas: "OFF-TOPIC: Apache Mailing Lists"
In reply to: sq01blade.ccs.yorku.ca: "Re: postfix 19991231-pl06 allowing relaying :("
Next in thread: Lutz Jaenicke: "Re: postfix 19991231-pl06 allowing relaying :("
Reply: Lutz Jaenicke: "Re: postfix 19991231-pl06 allowing relaying :("
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]