|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Laurent Neiger (Laurent.Neiger
grenoble.cnrs.fr)
Date: Wed Nov 28 2007 - 09:51:14 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello all,
I'd like to make some tuning in my postfix config but I cannot
find out if it's possible...
I have a postfix 2.3.8-2 which stands onto a server and support
several domains : a main one, for our users, and other ones, for
conferences, external projects, etc.
This mail server is not our MX, as we have a frontal SMTP gateway
running qpsmtpd which, in association with spam-assassin, reject
spams on-the-fly (before the end of the smtp transaction, before
accepting the mail) and forward hams to the postfix server for
local delivery.
But this gateway only acts for our main domain, mail addressed
to our other domains arrive directly to the postfix machine.
So the postfix machine is accepting TCP/25 connections from
anywhere (as a normal MX)...
One trick we encounter is we occasionnaly receive spam for our
main domain because it is directly addresses to the postfix server.
Some spammer seem to have found out they can skip our gateway
by not asking the DNS for the MX but send directly to the postfix
server.
Thus (thanks guys for having kept reading, my question is here !)
I'd like to configure postfix for accepting connections only from
our local domain (for local mail) or our gateway (for mails coming
from outside) but ONLY for our main domain.
In effect, I can't put an ACL on the postfix server as for delivery
for other domains, external emails must arrive directly.
And in postfix docs, I see configs for allow/reject mail depending
on sender parameter (e.g. check_client_address, check_sender_address,
...) but this seem to apply to whole configuration, all the supported
domains or destinations, so I can't here reject all external connections...
Is there a way to tell postfix to apply a policy for one (or some) of
its supported domains (destinations), and another policy to the
other ones ?
Thanks a lot in advance for your help,
I hope to read from you soon and of course can sharpen the description
of my problem or config if you need.
Best regards,
Laurent.
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]