Postfix to stop all email from internet/public IPs to user beginning with bk how?

From: Boyd Lynn Gerber (gerberbzenez.com)
Date: Sat Aug 25 2007 - 05:47:26 CDT


Hello

I felt the subject really did not match and the issue that the subject
related to was solved, so I should begin a new thread. Thanks in advance.

I want all email from public IPs/internet to bk...@example.com to be
rejected. The rules for restricting private IPs are working great thanks
to Sandy Drobic on the opensuse mail list and Mouss here. A really big
thanks to them.

Now I need to stop all emails to users that begin with bk from the
internet but allow all others. For example, two users...

bk2000@example.com
bk1921680001@example.com

Here is how the system is set up.

        -----------------
        | | --- Internet--
        | Gateway Box | Internet public IP |
        | |-----------------------|
        | example.com | nic 1 example.com
        | | email users@example.com
        | |
        | | Some users have bk1921680001@example.com
        | | which is the same as the machine
        ---------------- ip1921680001.local.example.com
                | bk1921680001@local.example.com
                | bk...@example.com not all users are machine
                | related but start with bk
                | bk..192.168.0.1
                |
                | nic's 2,3
                | one 192.168.x.x
                | local.example.com
                |
        Many Systems using the entire 192.168.x.x space

Email from any 192.168.x.x for bk...@example.com stays on the server for
them to read/pickup varies (working). What I want/need is any email from
the internet/Public IP to bk...@example.com to be rejected and keep
working any email from local.example.com or 192.168.x.x for
bk...@example.com. As it is now.

So for DNS I have 64770 entries in local.example.com as follows:

--------------------------local.example.com-------------------------
$TTL 3600
@ IN SOA example.example.com. root.example.example.com. (
        2007080401 ; Serial
        3600 ; Refresh
        1800 ; Retry
        2419200 ; Expire
        86400 ) ; Minimum
        IN NS example.example.com.

ip1921680001 IN A 192.168.0.1
ip1921680002 IN A 192.168.0.2
...
ip192168255253 IN A 192.168.255.253
ip192168255254 IN A 192.168.255.254
--------------------------local.example.com-------------------------

and rDNS

---------------------168.192.in-addr.arpa---------------------------
$TTL 3600
@ IN SOA example.example.com. root.example.example.com. (
        2007081201 ; Serial
        3600 ; Refresh
        1800 ; Retry
        2419200 ; Expire
        86400 ) ; Minimum
        IN NS example.example.com
$GENERATE 1-254 0.$ IN PTR ip192168000$.local.hbboys.com.
...
$GENERATE 1-254 255.$ IN PTR ip192168255$.local.example.com.
---------------------168.192.in-addr.arpa---------------------------

so postconf -n will give for ...

masquerade_domains = example.com
mydestination = example.com,$myhostname,localhost.$mydomain,mail.example.com
myhostname = example.example.com

Thanks,

--
Boyd Gerber <gerberbzenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
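
The rule asked for above, modelled as the decision logic of a Postfix SMTP access policy delegate (an added example, not part of the original post). It assumes the internal range is 192.168.0.0/16 and the protected domain is example.com, as described in the post; the function names and the sample request are constructed.

```python
import ipaddress

# Assumptions from the post: internal clients are in 192.168.0.0/16 and the
# protected mailboxes are local parts starting with "bk" at example.com.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]
PROTECTED_DOMAINS = {"example.com"}
PROTECTED_PREFIX = "bk"

# Constructed sample request in policy-delegation format (name=value lines,
# terminated by an empty line); 203.0.113.7 is a documentation address.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "client_address=203.0.113.7\n"
    "recipient=bk2000@example.com\n"
    "\n"
)

def parse_request(text):
    """Collect name=value attributes up to the first empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def is_internal(client_address):
    """True only for addresses inside INTERNAL_NETS; unparsable means external."""
    try:
        addr = ipaddress.ip_address(client_address)
    except ValueError:
        return False
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:192.168.0.1 counts as 192.168.0.1
    return any(addr in net for net in INTERNAL_NETS)

def decide(attrs):
    """Return the policy reply: REJECT external mail to bk* users, else DUNNO."""
    local, _, domain = attrs.get("recipient", "").lower().rpartition("@")
    protected = domain in PROTECTED_DOMAINS and local.startswith(PROTECTED_PREFIX)
    if protected and not is_internal(attrs.get("client_address", "")):
        return "action=REJECT mailbox accepts mail from the internal network only\n\n"
    return "action=DUNNO\n\n"

if __name__ == "__main__":
    print(decide(parse_request(SAMPLE_REQUEST)), end="")
```

A real delegate would sit behind Postfix's check_policy_service restriction; DUNNO leaves the decision to the remaining restrictions.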