OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Limit address that can send to an account.

From: ankush grover (grover.pixgmail.com)
Date: Tue Aug 01 2006 - 01:54:09 CDT

On 7/31/06, Darren <postfixbitfreak.org> wrote:
> Claude Needham wrote:
> > I would like to do the following:
> >
> > I have an address xxxyyyy.com that is used to register my domains at
> > myregguy.com
> >
> > Because I don't use "private" registration a multitude of spammers
> > have gleaned the address from whois records.
> >
> > I would like to reject all email sent to xxxyyyy.com -- unless the
> > email is coming from myregguy.com
> >
> > Is this possible?
>
> Yes, using a restriction class[1] to bring in a sender whitelist-only
> restriction when the recipient is xxxyyyy.com. An example:
>
> In main.cf, add:
>
> smtpd_restriction_classes = hostmasters
> hostmasters =
> check_sender_access hash:/path/to/sender_access,
> reject
>
> Insert at smtpd_recipient_restrictions or later:
>
> check_recipient_access hash:/path/to/recipient_access
>
> Where /path/to/sender_access contains:
>
> myregguy.com OK
>
> Where /path/to/recipient_access contains:
>
> xxxyyyy.com hostmasters
>
>
> 1: http://www.postfix.org/RESTRICTION_CLASS_README.html
>
hey,

 I am also trying to implement the same for my network. We have one
account called staff and the mail sent to this address goes to all the
employees in the organisation.

I have configured main.cf as per above example

smtpd_restriction_classes = insiders_only <<<<<----------
insiders_only = check_sender_access hash:/etc/postfix/sender_access,
reject <<<<<----------
smtpd_recipient_restrictions = permit_mynetworks,
                               permit_sasl_authenticated,
---->>> check_recipient_access
hash:/etc/postfix/recipient_access,
                               reject_invalid_hostname,
                               reject_unknown_sender_domain,
                               reject_unknown_recipient_domain,
                               reject_unauth_destination,
                               reject_rbl_client relays.ordb.org,
                               reject_rbl_client opm.blitzed.org,
                               reject_rbl_client list.dsbl.org,
                               reject_rbl_client sbl.spamhaus.org,
                               reject_rbl_client cbl.abuseat.org,
                               reject_rbl_client dul.dnsbl.sorbs.net,
                               permit

But still I am able to receive the mail from outside on this account
from accounts list permitted to send mail to this account.

recipient_access file
staffexample.com insiders_only

sender_access file

example.com OK
ankushgmail.com OK
ankushyahoo.com OK
johnyahoo.com OK

Apart from my domain(example.com) some other email ids from which
mails are allowed to be send to this account are added to the
sender_access.

I am using Postfix 2.1.5 on FC3 with MailScanner.

Any pointer what can be the problem?

Thanks & Regards

Ankush Grover