Re: Restricting incoming connections

From: Paul Tader (ptaderlinuxscope.com)
Date: Sun Jul 02 2006 - 22:33:34 CDT


Wietse Venema wrote:
> Paul Tader:
>> A client has signed up with a third party company, Postini (postini.com)
>> to do additional filtering. I want to configure the local postfix server
>> to now accept only incoming smtp connections from the Postini network
>> instead of the entire Internet. Previously, this host was the MX server.
>>
>> I set up "mynetworks" to be:
>>
>> mynetworks = 216.141.226.0/28, 123.456.789.16/28 10.1.10.0/24
>> (Postini's network, DMZ, Internal network)
>>
>> and configured smtpd_recipient_restrictions in main.cf:
>>
>> smtpd_recipient_restrictions =
>> hash:/etc/postfix/access
>
> That will permit spam that has the right recipient address
>
>> permit_mynetworks,
>> reject_unauth_destination,
>
> That will permit spam that has the right destination domain.
>
> Why not replace reject_unauth_destination by reject.
>
> Wietse
>

When I made the changes above, mail was rejected.

With only these lines

smtpd_recipient_restrictions =
        permit_mynetworks,
        reject

...caused:

Jul 2 22:02:47 mail1 postfix/smtpd[1713]: connect from
exprod8mx27.postini.com[64.18.3.127]
Jul 2 22:02:47 mail1 postfix/smtpd[1713]: 442E469784:
client=exprod8mx27.postini.com[64.18.3.127]
Jul 2 22:02:47 mail1 postfix/smtpd[1713]: 442E469784: reject: RCPT from
exprod8mx27.postini.com[64.18.3.127]: 554
<exprod8mx27.postini.com[64.18.3.127]>: Client host rejected: Access
denied; from=<ptaderlinuxscope.com> to=<a.usermydomain.com> proto=SMTP
helo=<psmtp.com>

A clarification. In my original email I mentioned that this was the
only MX server for this site. Besides receiving email from Postini, it
will still send email for this domain, and DNS is configured as such.

Thank You,
Paul
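
An added example, not part of the original message: a small check that takes the reject line from the log above and tests the connecting client address against the mynetworks value quoted earlier in the thread, which is what permit_mynetworks evaluates before the final reject. It assumes the quoted mynetworks value is the one in effect; the function names are hypothetical, and the masked 123.456.789.16/28 entry is reported as unparsable rather than guessed at.

```python
import ipaddress
import re

# mynetworks exactly as quoted in the message (the DMZ range is masked by the poster).
MYNETWORKS = "216.141.226.0/28, 123.456.789.16/28 10.1.10.0/24"

# Reject line from the message, re-joined onto one line.
LOG_LINE = (
    "Jul 2 22:02:47 mail1 postfix/smtpd[1713]: 442E469784: reject: RCPT from "
    "exprod8mx27.postini.com[64.18.3.127]: 554 "
    "<exprod8mx27.postini.com[64.18.3.127]>: Client host rejected: Access denied; "
    "from=<ptaderlinuxscope.com> to=<a.usermydomain.com> proto=SMTP helo=<psmtp.com>"
)

REJECT_RE = re.compile(
    r"reject: RCPT from (?P<host>\S+?)\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) "
)


def parse_mynetworks(value):
    """Split on commas/whitespace; return (parsed networks, unparsable entries)."""
    nets, bad = [], []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            bad.append(item)  # masked or malformed entry: report it, never guess
    return nets, bad


def explain_reject(log_line, mynetworks):
    """Return client IP, SMTP code and the mynetworks entries covering the client."""
    m = REJECT_RE.search(log_line)
    if m is None:
        return None  # not a smtpd RCPT reject line
    client = ipaddress.ip_address(m.group("ip"))
    nets, bad = parse_mynetworks(mynetworks)
    matched = [str(n) for n in nets if n.version == client.version and client in n]
    return {"client": str(client), "code": m.group("code"),
            "matched": matched, "unparsable": bad}


if __name__ == "__main__":
    # An empty "matched" list means permit_mynetworks did not apply to this client.
    print(explain_reject(LOG_LINE, MYNETWORKS))
```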