Re: Require all local IP to only send to local IP and Restrict local.domain.com to local.domain.com

From: Boyd Lynn Gerber (gerber@zenez.com)
Date: Fri Aug 24 2007 - 16:49:55 CDT


On Fri, 24 Aug 2007, mouss wrote:
> > Thanks, that solved it. Now they have asked for one more set of rejects.
> > They want all email from public IPs to bk...@domain.com to be rejected,
> > but allow any 192.168.x.x to the bk...@domain.com. I know this can be
> > done, I am just not sure how. For example:
> >
> > From public IPs to bk2000@domain.com: reject
> > From 192.168.x.x to bk2000@domain.com: OK.

Here is how the system is set up.

        -----------------
        |               |--- Internet ---
        |  Gateway Box  |  nic 1: Internet public IP
        |               |-----------------------
        |  example.com  |  nic 1: example.com
        |               |  email users@example.com
        |               |
        |               |  Some users have bk1921680001@example.com,
        |               |  which is the same as the machine
        -----------------  ip1921680001.local.example.com
                |          bk1921680001@local.example.com
                |          bk...@example.com: not all users are machine
                |          related, but they start with bk
                |          bk..192.168.0.1
                |
                |  nic's 2,3
                |  one 192.168.x.x
                |  local.example.com
                |
        Many systems using the entire 192.168.x.x space

So email from any 192.168.x.x for bk...@example.com stays on
the server for them to read or pick up (how varies). What I want is any email from
the internet to bk...@example.com to be rejected, and any email from
local.example.com or 192.168.x.x for bk...@example.com to be accepted.

So for DNS I have 64770 entries in local.example.com as follows:

--------------------------local.example.com-------------------------
$TTL 3600
@ IN SOA example.example.com. root.example.example.com. (
        2007080401 ; Serial
        3600 ; Refresh
        1800 ; Retry
        2419200 ; Expire
        86400 ) ; Minimum
        IN NS example.example.com.

; one A record per host: ip<192><168><third octet><fourth octet, 3 digits>
ip1921680001 IN A 192.168.0.1
ip1921680002 IN A 192.168.0.2
...
ip192168255253 IN A 192.168.255.253
ip192168255254 IN A 192.168.255.254
--------------------------local.example.com-------------------------

and rDNS

---------------------168.192.in-addr.arpa---------------------------
$TTL 3600
@ IN SOA example.example.com. root.example.example.com. (
        2007081201 ; Serial
        3600 ; Refresh
        1800 ; Retry
        2419200 ; Expire
        86400 ) ; Minimum
        IN NS example.example.com.
; ${0,3,d} zero-pads the last octet to three digits so the PTR target matches
; the A-record label in local.example.com (ip1921680010, not ip19216800010)
$GENERATE 1-254 0.$ IN PTR ip1921680${0,3,d}.local.example.com.
...
$GENERATE 1-254 255.$ IN PTR ip192168255${0,3,d}.local.example.com.
---------------------168.192.in-addr.arpa---------------------------

so postconf -n will give for ...

masquerade_domains = example.com
mydestination = example.com, $myhostname, localhost.$mydomain,
    mail.example.com
myhostname = example.example.com

> PS. use example.com, example.org, example.net, whatever.example instead of
> hijacking domain.com.

Sorry, changed.

--
Boyd Gerber <gerber@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
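One way to get the split the poster asks for (bk... recipients accepted from the 192.168.x.x side, rejected from the Internet), as an added example that is not part of the poster's configuration or of the list reply: let permit_mynetworks decide for internal clients first, then consult a recipient access table for everyone else. The mynetworks value, the map file name and the reject text are assumptions; the poster's postconf -n output does not show mynetworks. The pattern also covers @local.example.com because the diagram lists bk1921680001@local.example.com, but the poster's mydestination does not include that domain, so how such mail is routed is not shown.

```postfix
# /etc/postfix/main.cf  (added example, not the poster's postconf -n output)

# The diagram shows the whole 192.168.x.x space behind nics 2 and 3;
# the exact value here is an assumption.
mynetworks = 127.0.0.0/8, 192.168.0.0/16

# Restrictions are evaluated left to right; the first PERMIT or REJECT wins.
#   permit_mynetworks        -> 192.168.x.x clients: any recipient, done
#   reject_unauth_destination -> everyone else may only deliver to our domains
#   check_recipient_access   -> and not to bk... mailboxes
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access regexp:/etc/postfix/bk_recipients.regexp

# /etc/postfix/bk_recipients.regexp  (file name is an assumption)
# Regexp tables are matched against the full recipient address and are
# case-insensitive unless the pattern says otherwise. No postmap build needed.
/^bk[^@]*@(local\.)?example\.com$/  REJECT bk mailboxes accept mail from the local network only
```

Check the table before reloading with `postmap -q bk1921680001@example.com regexp:/etc/postfix/bk_recipients.regexp`, which should print the REJECT action, and with a plain user address, which should print nothing. The table only ever returns REJECT, so its position relative to reject_unauth_destination does not matter for relaying, but keeping reject_unauth_destination ahead of any access table is the habit that stops a future OK entry from turning the gateway into an open relay.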