From: Magnus Bäck (magnus dsek.lth.se)
Date: Mon Feb 04 2008 - 14:29:45 CST
On Monday, February 04, 2008 at 20:53 CET, audit <audit c2security.org> wrote:
> I have a list of netblocks like 61.129.0.0/16, 61.133.0.0/16, etc. that I
> want to block from sending mail to us through postfix, how would I set
> something like that up within the main.cf file? I was thinking that I
> could create a file called
>
> /usr/local/etc/postfix/mx_access and then add in that file
>
> 61.129.0.0/16 #China Spam Block
> 61.133.0.0/16 #China Spam Block
The right-hand side is invalid. Replace the "China Spam Block" comment
with an accepted result from access(5), e.g. REJECT.
> and so on for all the blocks. But I'm not sure where to add it. Would
> adding smtpd_recipient_restrictions = hash:/usr/local/etc/postfix/mx_access
> to the main.cf and then running postmap /usr/local/etc/postfix/mx_access
> work?
>
> This is on a FreeBSD 6.2 server with Mailman and I'm also doing hosting.
Indexed tables (such as `hash') do not support CIDR notation. Again,
read access(5). CIDR tables support CIDR notation, see cidr_table(5).
If you only plan on blocking /8, /16, and /24 nets you could still
use an indexed table.

    61.129 REJECT
    61.133 REJECT

With the default value of smtpd_delay_reject you can place the
restriction anywhere you want. You must however tell Postfix what type
of restriction it is -- you can't just list the table file name and
expect Postfix to figure out what you want to do. The following would
work:

    smtpd_sender_restrictions =
        check_sender_mx_access cidr:/usr/local/etc/postfix/mx_access

--
Magnus Bäck
magnus dsek.lth.se
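
Added example, not part of the original message: a Python sketch of the table-type distinction the reply describes, turning a netblock list into indexed-table keys when every prefix ends on an octet boundary and into cidr_table(5) patterns otherwise. The function names and the 192.0.2.0/25 sample are assumptions made for illustration; the lookup functions only mimic the matching order documented in access(5) and cidr_table(5).

```python
import ipaddress

# Constructed sample input: the two netblocks from the question plus one
# prefix that does not end on an octet boundary.
SAMPLE_BLOCKS = ["61.129.0.0/16", "61.133.0.0/16", "192.0.2.0/25"]


def indexed_key(net):
    """Key for an indexed table (hash, btree, ...), or None if CIDR is needed."""
    if net.version != 4 or net.prefixlen not in (8, 16, 24, 32):
        return None
    octets = str(net.network_address).split(".")
    return ".".join(octets[: net.prefixlen // 8])


def build_table(blocks, action="REJECT"):
    """Return (table_type, lines): 'hash' when every block fits, else 'cidr'."""
    nets = [ipaddress.ip_network(b) for b in blocks]
    keys = [indexed_key(n) for n in nets]
    if all(keys):
        return "hash", [f"{k} {action}" for k in keys]
    return "cidr", [f"{n.with_prefixlen} {action}" for n in nets]


def lookup_indexed(lines, addr):
    """Indexed lookup per access(5): try a.b.c.d, then a.b.c, a.b, a."""
    table = dict(line.split(None, 1) for line in lines)
    octets = addr.split(".")
    for n in range(4, 0, -1):
        key = ".".join(octets[:n])
        if key in table:
            return table[key]
    return None


def lookup_cidr(lines, addr):
    """CIDR lookup per cidr_table(5): patterns in file order, first match wins."""
    ip = ipaddress.ip_address(addr)
    for line in lines:
        pattern, result = line.split(None, 1)
        if ip in ipaddress.ip_network(pattern):
            return result
    return None


if __name__ == "__main__":
    kind, lines = build_table(SAMPLE_BLOCKS)
    print(f"# use {kind}:/usr/local/etc/postfix/mx_access")
    print("\n".join(lines))
```

A hash table produced this way still has to be compiled with postmap, while a cidr table is read as plain text and needs no postmap run.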