From: Laurent Neiger (Laurent.Neiger grenoble.cnrs.fr)
Date: Thu Nov 29 2007 - 05:02:43 CST
Hello,
Thanks a lot for your quick answer!
Seems to be able to solve my problem,
I'll try it ASAP.
Once more many thanks for your help.
Best regards,
Laurent.
mouss wrote:
> Laurent Neiger wrote:
>> Hello all,
>>
>> I'd like to make some tuning in my postfix config but I cannot
>> find out if it's possible...
>>
>> I have a postfix 2.3.8-2 which stands on a server and supports
>> several domains: a main one, for our users, and other ones, for
>> conferences, external projects, etc.
>>
>> This mail server is not our MX, as we have a frontal SMTP gateway
>> running qpsmtpd which, in association with spam-assassin, rejects
>> spam on-the-fly (before the end of the smtp transaction, before
>> accepting the mail) and forwards ham to the postfix server for
>> local delivery.
>>
>> But this gateway only acts for our main domain, mail addressed
>> to our other domains arrives directly at the postfix machine.
>> So the postfix machine is accepting TCP/25 connections from
>> anywhere (as a normal MX)...
>>
>> One trick we encounter is we occasionally receive spam for our
>> main domain because it is directly addressed to the postfix server.
>> Some spammers seem to have found out they can skip our gateway
>> by not asking the DNS for the MX but sending directly to the postfix
>> server.
>>
>> Thus (thanks guys for having kept reading, my question is here!)
>> I'd like to configure postfix for accepting connections only from
>> our local domain (for local mail) or our gateway (for mails coming
>> from outside) but ONLY for our main domain.
>>
>> In effect, I can't put an ACL on the postfix server as for delivery
>> for other domains, external emails must arrive directly.
>>
>> And in postfix docs, I see configs for allowing/rejecting mail depending
>> on sender parameter (e.g. check_client_address, check_sender_address,
>> ...) but this seems to apply to the whole configuration, all the supported
>> domains or destinations, so I can't here reject all external
>> connections...
>>
>
>
> smtpd_recipient_restrictions =
>     ...
>     reject_unauth_destination
>     # allow our gateway
>     check_client_access cidr:/etc/postfix/trusted_client
>     # block mail to main domain
>     check_recipient_access hash:/etc/postfix/block_main_domain
>     ...
>
>
> == trusted_client:
> 10.1.2.0/24 OK
>
> == block_main_domain:
> main.example.com REJECT
>
>
> In short:
> 1. if it is our gateway, allow
> 2. if it is to main domain, block (the gateway was allowed in step 1)
>
>
>> Is there a way to tell postfix to apply a policy for one (or some) of
>> its supported domains (destinations), and another policy to the
>> other ones?
>>
>> Thanks a lot in advance for your help,
>>
>> I hope to read from you soon and of course can sharpen the description
>> of my problem or config if you need.
>>
>> Best regards,
>>
>> Laurent.
>>
>>
>
>
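
The restriction order in the reply above depends on Postfix stopping at the first restriction that returns OK or REJECT. The following is an added example, not code from the thread or from Postfix: a small Python model of that first-match evaluation using the two tables from the reply. The domain `conf.example.org`, the sample client addresses, and the simplified recipient lookup (full address, then domain) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data mirroring the tables in the reply above.
TRUSTED_CLIENT = [("10.1.2.0/24", "OK")]             # cidr: trusted_client
BLOCK_MAIN_DOMAIN = {"main.example.com": "REJECT"}   # hash: block_main_domain
# Assumption: domains this server is final destination for
# (conf.example.org is a hypothetical "other" domain).
LOCAL_DOMAINS = {"main.example.com", "conf.example.org"}

def reject_unauth_destination(client_ip, rcpt):
    # Refuse recipients in domains we do not handle; otherwise no decision.
    domain = rcpt.rsplit("@", 1)[1].lower()
    return "DUNNO" if domain in LOCAL_DOMAINS else "REJECT"

def check_client_access(client_ip, rcpt):
    # First matching network in the cidr table wins.
    addr = ipaddress.ip_address(client_ip)
    for net, action in TRUSTED_CLIENT:
        if addr in ipaddress.ip_network(net):
            return action
    return "DUNNO"

def check_recipient_access(client_ip, rcpt):
    # Simplified lookup order: full address, then bare domain.
    rcpt = rcpt.lower()
    domain = rcpt.rsplit("@", 1)[1]
    return BLOCK_MAIN_DOMAIN.get(rcpt) or BLOCK_MAIN_DOMAIN.get(domain, "DUNNO")

# Same order as smtpd_recipient_restrictions in the reply.
RESTRICTIONS = [reject_unauth_destination, check_client_access,
                check_recipient_access]

def decide(client_ip, rcpt, restrictions=RESTRICTIONS):
    """Return (verdict, deciding restriction); DUNNO falls through."""
    for restriction in restrictions:
        result = restriction(client_ip, rcpt)
        if result in ("OK", "REJECT"):
            return result, restriction.__name__
    return "OK", "end of list"   # nothing objected: mail is accepted

if __name__ == "__main__":
    cases = [("10.1.2.7", "user@main.example.com"),       # via gateway
             ("192.0.2.50", "user@main.example.com"),     # bypassing the MX
             ("192.0.2.50", "speaker@conf.example.org"),  # other domain, direct
             ("192.0.2.50", "x@elsewhere.example")]       # relay attempt
    for ip, rcpt in cases:
        print(ip, rcpt, "->", decide(ip, rcpt))
```

Swapping the two access checks makes the gateway's own deliveries to the main domain hit the REJECT entry first, which is why the client check has to come before the recipient check.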