Re: Relay restrictions

From: Victor Duchovni (Victor.Duchovnimorganstanley.com)
Date: Thu Dec 30 2010 - 13:55:01 CST


On Thu, Dec 30, 2010 at 01:45:57PM -0600, Michael.Larsenwellsfargo.com wrote:

> Thanks for trying to help, Viktor, but I don't think this configuration will work for me. Let me try to explain; when I made my original post, others on the list were somewhat surprised regarding my intent.
>
> This relay isn't so much a relay as a choke point. The test network I support is subject to tight quotas regarding traffic on the corporate email system. I need all mail discarded unless it meets the following conditions:
>
> All mail relays for hosts listed in client_access

        Best enforced in smtpd_client_restrictions.

> Mail from hosts not listed in client_access is subject
> to sender/recipient restrictions

        Best enforced via suitable and separate smtpd_sender_restrictions
        and smtpd_recipient_restrictions.

> If a sender is allowed (rare), recipients are evaluated,
> and either relayed (even rarer) or discarded

That's exactly what the configuration I posted does. What about
the configuration below fails to meet your requirements?

> Your problem is almost certainly best solved by using each of the
> multiple restriction lists to check each of the required conditions.
>
> cidr = cidr:${config_directory}/
> indexed = ${default_database_type}:${config_directory}/
>
> smtpd_client_restrictions =
> check_client_access ${cidr}allowed-clients,
> check_client_access static:discard
>
> smtpd_sender_restrictions =
> check_sender_access ${indexed}allowed-senders,
> check_client_access static:discard
>
> smtpd_recipient_restrictions =
> check_recipient_access ${indexed}allowed-recipients,
> check_client_access static:discard,
> #
> # At least one reject by default rule is required in
> # smtpd_recipient_restrictions, defeat the logic by
> # listing permit, then reject. In reality permit = discard.
> #
> permit, reject
>
> With this all mail is discarded unless all the conditions below are met:
>
> - From an allowed SMTP client (IP address CIDR table)
> - From an allowed envelope sender (indexed via postmap lookup table)
> - To an allowed envelope recipient (indexed via postmap lookup table)

--
        Viktor.
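The following is an added example, not code from the thread or from Postfix: a small offline model of how the three restriction lists quoted above compose, so a reader can see for a given client address, envelope sender and recipient whether the posted main.cf relays or discards. The lookup tables, addresses and networks are constructed, the access(5) lookup order is simplified (full address, then domain and parent domains, then localpart@), and the stage logic is reduced to the two outcomes the thread cares about: REJECT aborts the transaction, DISCARD is sticky once any list returns it.

```python
"""Offline model of the smtpd_client/sender/recipient_restrictions lists
quoted in the thread. Constructed example: tables, addresses and networks
are invented and the access(5) lookup rules are simplified."""
import ipaddress

# Constructed stand-ins for the three lookup tables named in the thread.
ALLOWED_CLIENTS = {"10.1.0.0/16": "OK"}               # cidr:allowed-clients
ALLOWED_SENDERS = {"builds@test.example": "OK"}       # hash:allowed-senders
ALLOWED_RECIPIENTS = {"reports@corp.example": "OK"}   # hash:allowed-recipients


def cidr_lookup(table, client_ip):
    """cidr: table: the first network containing the client address wins."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in table.items():
        if addr in ipaddress.ip_network(net, strict=False):
            return action
    return None


def address_lookup(table, address):
    """Simplified access(5) order for an address: the full address, then the
    domain and each parent domain, then the bare localpart@ form."""
    localpart, _, domain = address.partition("@")
    labels = domain.split(".")
    keys = [address] + [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(localpart + "@")
    for key in keys:
        if key in table:
            return table[key]
    return None


# Each restriction is a callable (client_ip, sender, recipient) -> action or None.
def check_client_access(table):
    return lambda ip, s, r: cidr_lookup(table, ip)


def check_sender_access(table):
    return lambda ip, s, r: address_lookup(table, s)


def check_recipient_access(table):
    return lambda ip, s, r: address_lookup(table, r)


def static(action):
    # static: returns the same value for every key, which is why the thread
    # can use check_client_access static:discard as the catch-all in every list.
    return lambda ip, s, r: action


def permit(ip, s, r):
    return "OK"


def reject(ip, s, r):
    return "REJECT"


# The three lists in exactly the order used in the quoted main.cf.
SMTPD_CLIENT_RESTRICTIONS = [check_client_access(ALLOWED_CLIENTS), static("DISCARD")]
SMTPD_SENDER_RESTRICTIONS = [check_sender_access(ALLOWED_SENDERS), static("DISCARD")]
SMTPD_RECIPIENT_RESTRICTIONS = [check_recipient_access(ALLOWED_RECIPIENTS),
                                static("DISCARD"), permit, reject]


def evaluate_list(restrictions, client_ip, sender, recipient):
    """The first restriction that returns an action decides; an exhausted
    list means the stage passes (implicit permit)."""
    for restriction in restrictions:
        action = restriction(client_ip, sender, recipient)
        if action is not None:
            return action
    return "OK"


def decide(client_ip, sender, recipient):
    """Apply the stages in the order smtpd evaluates them. REJECT ends the
    transaction; DISCARD is sticky: the message is accepted, then dropped."""
    discard = False
    for stage in (SMTPD_CLIENT_RESTRICTIONS, SMTPD_SENDER_RESTRICTIONS,
                  SMTPD_RECIPIENT_RESTRICTIONS):
        action = evaluate_list(stage, client_ip, sender, recipient)
        if action == "REJECT":
            return "REJECT"
        if action == "DISCARD":
            discard = True
    return "DISCARD" if discard else "RELAY"


if __name__ == "__main__":
    # Constructed test transactions: only the first one satisfies all three lists.
    cases = [
        ("10.1.4.7", "builds@test.example", "reports@corp.example"),
        ("10.1.4.7", "builds@test.example", "anyone@corp.example"),
        ("10.1.4.7", "dev@test.example", "reports@corp.example"),
        ("203.0.113.9", "builds@test.example", "reports@corp.example"),
    ]
    for ip, s, r in cases:
        print(f"{ip:>12} {s:>22} -> {r:<22} {decide(ip, s, r)}")
```

Running the cases shows what the posted configuration does and does not allow: a listed client with an unlisted sender or recipient is discarded, just as an unlisted client is, so "listed client means relay" is not what these three lists express. Also worth knowing for anyone applying this today: since Postfix 2.10 the mandatory relay-policy rule lives in smtpd_relay_restrictions, so the "permit, reject" trick at the end of smtpd_recipient_restrictions is no longer needed to satisfy the built-in check.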