Loading ...
Sorry, an error occurred while loading the content.
 

Re: Filter incoming emails by source IP but depending on destination domains

Expand Messages
  • Noel Jones
    ... SMTP) are of ... Is this ... Yes, that s an easy and common setup. Rather than using smtpd_client_restrictions, we ll use smtpd_recipient_restrictions.
    Message 1 of 7 , Apr 28, 2009
      > Noel Jones a écrit :
      >> Denis BUCHER wrote:
      >>> Hello,
      >>>
      >>> I have a server with different domains on it. Some domains should only
      >>> receive emails from specific IP adresses (SPAM filtering) while other
      >>> domains should accept emails from all domains.
      >>>
      >>> How could I implement this ?
      >>>
      >>> I suppose I have to do a hash with the specific IPs, and add this hash
      >>> as filter for the domains that should be filtered ?
      >>>
      >>> Is this correct, and could someone point me to how it should be done ?
      >>>
      >>> Thanks a lot in advance,
      >>>
      >>> Denis
      >>
      >> Here's the documentation on how to do something like this:
      >> http://www.postfix.org/RESTRICTION_CLASS_README.html
      >>
      >> A brief example:
      >> #main.cf
      >> smtpd_delay_reject = yes
      >> (this is the default; required for this example)
      >>
      >> smtpd_restriction_classes = from_spamfilter_only
      >>
      >> from_spamfilter_only =
      >> check_client_access cidr:/etc/postfix/from_spamfilter.cidr
      >>
      >> smtpd_client_restrictions =
      >> check_recipient_access hash:/etc/postfix/filtered_domains
      >>
      >> # filtered_domains table
      >> # postmap this table after edits!
      >> example.com from_spamfilter_only
      >> other.example.org from_spamfilter_only
      >>
      >> # from_spamfilter cidr table
      >> # postmap not necessary.
      >> 10.1.1.0/27 OK
      >> 192.168.100.127 OK
      >> # next line rejects any unauthorized clients
      >> 0.0.0.0/0 REJECT you must use our MX host
      >>
      >> -- Noel Jones
      >>
      >

      Denis BUCHER wrote:
      > Hello,
      >
      > I forgot to add an important point :
      >
      > * Users that use their login and password (authentified
      SMTP) are of
      > course allowed to send from anywhere to anywhere...
      Is this
      > compatible with the proposed config ?
      >
      >
      > Thanks a lot
      >
      > Denis
      >

      Yes, that's an easy and common setup.
      Rather than using smtpd_client_restrictions, we'll use
      smtpd_recipient_restrictions. The rest of the config is as
      the example above.

      # main.cf
      smtpd_recipient_restrictions =
      permit_sasl_authenticated
      permit_mynetworks
      reject_unauth_destination
      check_recipient_access hash:/etc/postfix/filtered_domains

      -- Noel Jones
    Your message has been successfully submitted and would be delivered to recipients shortly.