Re: allowing a mail to a mailid from a specific ip address only. How to?

From: mouss (moussnetoyen.net)
Date: Sun Jan 27 2008 - 07:50:48 CST


Anant S Athavale wrote:
> Quoting "Jan P. Kessler" <postfixjpkessler.info>:
>
>> Anant S Athavale schrieb:
>>> Dear List: We want to achieve all incoming/outgoing mails from our
>>> mail server using always_bcc to feature to some e-mail id. This
>>> email id sits on another box. This box should receive the mail for
>>> backup email id only from that system (where always_bcc is defined).
>>> From anywhere else/other system if mail comes to this id (always_bcc
>>> id), it should reject. Suggest ways to implement it. Regards, ANANT.
>>>
>>
>> MAIN.CF:
>> smtpd_restriction_classes = bcc_only
>> bcc_only = check_client_access hash:/etc/postfix/bcc_allowed, reject
>> smtpd_recipient_restrictions = permit_mynetworks,
>>     ...,
>>     reject_unauth_destination,
>>     ...,
>>     check_recipient_access hash:/etc/postfix/bcc_recipients,
>>     ...
>>
>>
>> /etc/postfix/bcc_recipients:
>> bccadress.tld bcc_only
>>
>> /etc/postfix/bcc_allowed:
>> ip.add.re.ss OK
>>
>>
>>
>
> Thanks for your prompt reply.
>
> I have a problem with this. My system is something like dual-homed
> gateway. permit_mynetworks will allow such mails still to continue to
> be received. For ex. the system has two interfaces. I want to receive
> that mail addressed to bcc only from one interface and reject if
> received from the other and at the same time all other mails should be
> accepted from both the interfaces.
>
> Please clarify, if your example still holds good or slight
> modifications may help.

just move the check to sender restrictions:

smtpd_restriction_classes = bcc_only

smtpd_sender_restrictions =
    check_recipient_access hash:/etc/postfix/bcc_recipients

bcc_only =
    check_client_access hash:/etc/postfix/bcc_allowed
    reject

/etc/postfix/bcc_recipients:
bccadress.tld bcc_only

/etc/postfix/bcc_allowed:
ip.add.re.ss OK

The reason for using sender restrictions is to avoid becoming an open
relay if you have an error in your maps.
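
The evaluation order this reply relies on, as an added example that is not part of the original message and not Postfix code: a simplified Python model of the sender and recipient restriction lists, showing that a second trusted network is still refused for the bcc address and that a bad map entry in the sender list does not bypass reject_unauth_destination. Assumptions: smtpd_delay_reject = yes (the Postfix default), exact-match map lookups only, and constructed addresses, IPs and function names.

```python
# Simplified model (added example) of how Postfix smtpd walks the restriction
# lists from the reply above. Assumes smtpd_delay_reject = yes (the default),
# so the recipient is already known when smtpd_sender_restrictions runs.
# Map lookups are reduced to exact-match keys; all values are constructed.
import ipaddress

BCC_RECIPIENTS = {"backup@archive.example": "bcc_only"}  # bcc_recipients map
BCC_ALLOWED = {"192.0.2.10": "OK"}                       # bcc_allowed map
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
LOCAL_DOMAINS = {"archive.example"}


def bcc_only(client):
    """Restriction class: check_client_access hash:bcc_allowed, reject."""
    return "OK" if BCC_ALLOWED.get(client) == "OK" else "REJECT"


def sender_restrictions(client, rcpt, recipients):
    """smtpd_sender_restrictions = check_recipient_access hash:bcc_recipients."""
    action = recipients.get(rcpt, "DUNNO")
    return bcc_only(client) if action == "bcc_only" else action


def recipient_restrictions(client, rcpt):
    """smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination."""
    if any(ipaddress.ip_address(client) in net for net in MYNETWORKS):
        return "OK"
    if rcpt.rsplit("@", 1)[1] not in LOCAL_DOMAINS:
        return "REJECT"
    return "DUNNO"


def decide(client, rcpt, recipients=BCC_RECIPIENTS):
    """REJECT in any list is final; OK or DUNNO only ends that list."""
    if sender_restrictions(client, rcpt, recipients) == "REJECT":
        return "REJECT"
    if recipient_restrictions(client, rcpt) == "REJECT":
        return "REJECT"
    return "ACCEPT"


if __name__ == "__main__":
    for client, rcpt in [("192.0.2.10", "backup@archive.example"),
                         ("198.51.100.7", "backup@archive.example"),
                         ("198.51.100.7", "user@archive.example"),
                         ("203.0.113.5", "backup@archive.example")]:
        print(client, rcpt, decide(client, rcpt))
```
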