Loading ...
Sorry, an error occurred while loading the content.

Re: SMTPD Policy to Restrict Senders to a known set of IPs

Expand Messages
  • mouss
    ... yes. smtpd_restriction_classes = restrict_sender_ip smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/restricted_senders.hash
    Message 1 of 2 , Oct 30, 2010
    • 0 Attachment
      Le 30/10/2010 18:43, Kevin Coveney a écrit :
      I have been asked by my client to setup postfix to enforce a policy that will restrict certain list of domains to a predetermined list of IPs for the domain. However if the sender domain is not on the list then we would simply skip this check.
       
      I was going to manage the sender IP list using separate CIDR: files for each domain and reject if not in the list.
       
      However, what is the best way to tie the domain to the list?
      I was thinking about using smtpd_restriction_classes but I'm not sure if this is the best or how to best put it all together.

      yes.

      smtpd_restriction_classes = restrict_sender_ip

      smtpd_sender_restrictions =
          check_sender_access hash:/etc/postfix/restricted_senders.hash

      restrict_sender_ip =
          check_client_access cidr:/etc/postfix/restricted_senders_ip.cidr
          reject

      == /etc/postfix/restricted_senders.hash
      example.com    restrict_sender_ip
      .example.com    restrict_sender_ip

      == /etc/postfix/restricted_senders_ip.cidr
      192.0.2.0/24    OK


      check
          http://www.postfix.org/RESTRICTION_CLASS_README.html
      for more information.


       
      Your advice will be much appreciated
       
      Thanks,
      Kevin Coveney

    Your message has been successfully submitted and would be delivered to recipients shortly.