|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: mouss (mouss
ml.netoyen.net)
Date: Tue Jun 22 2010 - 17:49:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Philippe Chaintreuil a écrit :
> Hello all,
>
> I have a some what convoluted setup that I'd like to make a
> modification to, and was looking for some pointers.
>
> The Long-winded situation:
>
> I run a small host that servers as a mail server for multiple domains
> (about 25). All but one of these is a fairly standard setup using
> virtual_alias_domains + virtual_alias_maps +
>
> -----------------------------------------------------------------------
> smtpd_recipient_restrictions =
> check_client_access hash:/etc/postfix/helo_client_exceptions,
> check_sender_access hash:/etc/postfix/sender_checks,
> reject_invalid_hostname,
> permit_sasl_authenticated,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_mynetworks,
> reject_unauth_destination,
> # Check with sqlgrey.
> check_policy_service inet:127.0.0.1:2501
> check_client_access hash:/etc/postfix/rbl_client_exceptions,
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client bl.spamcop.net,
> reject_rhsbl_sender dns.rfc-ignorant.org
>
> mynetworks = 192.168.0.0/16 127.0.0.0/8 64.18.0.0/20
> # Note: 64.18.0.0/20 is Postini.
> -----------------------------------------------------------------------
>
> The one odd-ball domain, however, pays Postini to filter their mail,
> which is included in "mynetworks".
not the best you can do. mynetworks can relay, which postini don't need
to. use a check_client_access instead... see below.
> The Postini domain's MX records all
> point to Postini servers.
>
> The QUESTION:
> Is there a way to get just this domain to only accept messages from
> Postini + other virtual domains on this server (I guess this is likely
> just "mynetworks"), while all the others continue to accept "valid"
> messages from "anyone" (as above)?
>
you can use smtpd_restriction_classes.
smtpd_restriction_classes =
...
postini_protected
smtpd_client_restrictions =
check_recipient_access hash:/etc/postfix/postini_domains.hash
postini_protected =
check_client_access cidr:/etc/postfix/postini.cidr
reject
== postini_domains.hash
example.com postini_protected
== postini.cidr
10.1.2.0/24 OK
...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]