Loading ...
Sorry, an error occurred while loading the content.

295016Re: Disabling user submission on port 25

Expand Messages
  • John Allen
    Aug 27, 2013
      > On 8/26/2013 10:24 PM, John Allen wrote:
      >
      >> I based it something that Noel Jones wrote way back in 2008.
      > I doubt that Noel suggested anything like this.
      >
      >> Create a file of the networks you wish to deny access to eg.
      >> “Deny_Mynetworks_Access” the content of which will be the same networks
      >> as those found in the mynetworks parameter of the main.cf file for example:
      >>
      >> 192.168.0.0/16 REJECT local access not permitted
      >> n.n.n.n/28 REJECT local access not permitted
      >> [nnnn:nnnn:nnnn::]/64 REJECT local access not permitted
      >>
      >> remove the permit_mynetworks from all the various
      >> smtpd_xxxx_restrictions stanzas of main.cf. Then modify the master.cf by
      >> adding
      >> -o smtpd_client_restrictions=hash:Deny_Mynetworks_Access,.....
      >> to the smtp service, and add
      >> -o smtpd_client_restrictions=permit_mynetworks,.....
      >> to the submission service.
      > This unnecessary and complex and actually won't work as stated. All
      > that is required is a one line change to master.cf and a CIDR file:
      >
      > /etc/postfix/master.cf
      > ...
      > smtp inet n - - - 20 smtpd
      > -o smtpd_client_restrictions=check_client_access,\
      > cidr:/etc/postfix/deny-local.cidr
      >
      > /etc/postfix/deny-local.cidr
      > 192.168.0.0/16 REJECT local access not permitted
      >
      >
      > Aug 27 01:28:21 greer postfix/smtpd[31670]: NOQUEUE: reject: RCPT from
      > gffx.hardwarefreak.com[192.168.100.53]: 554 5.7.1
      > <gffx.hardwarefreak.com[192.168.100.53]>: Client host rejected: local
      > access not permitted; from=<stan@...> to=<xxxx@...>
      > proto=ESMTP helo=<[192.168.100.53]>
      >
      Much simpler and far much more elegant.
    • Show all 13 messages in this topic