292174 Re: Port based acl's ?

  • /dev/rob0
    Mar 24, 2013
      On Mon, Mar 25, 2013 at 02:44:57AM +0000, Billy Blanco wrote:
      > Does postfix support 'port based' acl's?
      > I'm trying to set it up in a way to only allow postini connections
      > over port 25 (apparently they won't deliver over any other port),
      > while having all other clients connect over port 465.

      SMTPS (SMTP over SSL) is deprecated and not recommended. Submission
      should be done on 587 (submission) using TLS and SASL.

      > Been combing the docs and haven't found anything useful yet.


      > I know I could do something with iptables or on the network level,
      > but kind of like the idea of postfix handling the rejects with a
      > custom message returned back to the sender and a log entry made.
      > If possible, examples would be great.

      main.cf :

      smtpd_recipient_restrictions = reject_unauth_destination,
        check_client_access cidr:/etc/postfix/postini.cidr, reject
      # Doing the Postfix 2.10.x copout, sorry. Read the 2.10 release
      # notes if you're using 2.10.x and want to use this new feature.
      smtpd_relay_restrictions =
      submission_recipient_restrictions = permit_sasl_authenticated,
        permit_mynetworks, reject

      master.cf (under each smtpd for smtps and submission):
        -o smtpd_recipient_restrictions=$submission_recipient_restrictions

      postini.cidr :

      # List all Postini outbound relays as a CIDR expression or as single
      # IP addresses without the /xx
      ip.add.re.ss/xx permit_auth_destination
      other.add.re.ss/xx permit_auth_destination reject This host is not MX for example.com, go away.
      http://rob0.nodns4.us/ -- system administration and consulting
      Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
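
The two restriction lists in the reply above, modelled as an added example (not part of the original post and not Postfix code) so the expected outcome per port can be checked against sample clients before deploying. The documentation addresses, `MYNETWORKS`, `LOCAL_DOMAINS` and all function names are assumptions, and only plain `pattern action` lines of a cidr table are handled.

```python
import ipaddress

# Constructed sample of postini.cidr: documentation addresses stand in
# for the real Postini relays, which the post does not list.
POSTINI_CIDR = """\
# pattern        action
192.0.2.0/24     permit_auth_destination
198.51.100.7     permit_auth_destination
"""
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]  # assumed mynetworks
LOCAL_DOMAINS = {"example.com"}  # assumed: domains this host is MX for

def parse_cidr_table(text):
    """Return [(network, action)] in file order (lookups are first-match)."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: pattern without an action")
        # strict=True refuses host bits in the pattern, e.g. 192.0.2.1/24
        rules.append((ipaddress.ip_network(parts[0], strict=True), parts[1]))
    return rules

def table_lookup(rules, client_ip):
    """Action of the first matching pattern, or None when nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    return next((act for net, act in rules if addr in net), None)

def decide(port, client_ip, rcpt_domain, sasl_authenticated=False):
    """Model the two recipient restriction lists from the post."""
    addr = ipaddress.ip_address(client_ip)
    if port in (465, 587):  # master.cf override on smtps and submission
        if sasl_authenticated:  # permit_sasl_authenticated
            return "permit"
        if any(addr in net for net in MYNETWORKS):  # permit_mynetworks
            return "permit"
        return "reject"
    if rcpt_domain not in LOCAL_DOMAINS:  # reject_unauth_destination
        return "reject"
    action = table_lookup(parse_cidr_table(POSTINI_CIDR), client_ip)
    # permit_auth_destination permits here: the recipient is already ours
    return "permit" if action == "permit_auth_destination" else "reject"

if __name__ == "__main__":
    for case in [(25, "192.0.2.55", "example.com"),
                 (25, "203.0.113.9", "example.com"),
                 (465, "192.0.2.55", "example.com")]:
        print(case, decide(*case))
```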