Thankyou for this, it did indeed do the trick, I've documented it on the
WWW in case anyone else has a similar need:
I couldn't find the answer using Google, so hopefully someone else will
be able to now.
] On Behalf Of Sahil Tandon
Sent: Thursday, 24 June 2010 1:06 PM
Subject: Re: Stop spammers using outdated MX records.
On Thu, 2010-06-24 at 12:47:50 +1000, Hal Douglas wrote:
> Domain2.edu smtp:[10.2.3.5]
> Domain2 has recently been signed up for a cloud spam scanning service,
> so our postfix host is no longer MX for this domain, the spam scanning
> service is MX and forwards mail to out postfix host. The problem I've
> encountered is that spammers don't seem to use the updated MX records,
> they still use the postfix host as if it were MX. So, what I assume I
> need to do here is tell postfix that for Domain2 only relay mail from
> the cloud spam scanning service and our networks.
My understanding is that you want to refuse mail for domain2 recipients
*unless* it originates from your network or the cloud.
> How can I do this with postfix? I've searched around these lists and
> the web in general, the best explanation I can find is this:
You could use restriction classes but that is unnecessary. Assuming the
cloud only sends mail to you for domain2, whitelist the cloud's IP
*after* reject_unauth_destination but *before*, in the same restriction
list, rejecting all mail addressed to domain2.
Sahil Tandon <sahil@...>