Re: Isolating SMTP to a single band of 8 IP's
- The original message from the company said 'It's a block of 8 Class C networks'. I (just) read things wrong. And said (to myself), 'self', that's 8 ip's, right, right! (Dumb!!) Thanks to all.
On 11/2/2011 11:00 AM, /dev/rob0 wrote:
On Wednesday 02 November 2011 10:43:35 Keith Steensma wrote:
It's been a long time since I have participated in this list (goes to show how good Postfiix is when it can run for years with so few problems). Our company has decided to start using an outside SPAM filtering service. Overall, this is doing a very good job. But we are getting SPAM directly into out system and I need to block all outside SMTP connections except the connections from a group of 8 IP address'. CIDR notation: 18.104.22.168/21 Netmask notation: 22.214.171.124 with a netmask of 255.255.248.0 Address range: 126.96.36.199 through 188.8.131.52
That is of course much more than 8 addresses, that is 8 * 256. But no matter.
I tried (from "Getting selective with SMTP access restriction lists" web page) smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination mynetworks = 127.0.0.0/8, 192.168.1.0/24, 184.108.40.206/21 But that only solved half the problem. Mail is still getting in from from IP's (like from 220.127.116.11 by 18.104.22.168) Can anyone offer a suggestion how to fix this problem the right way?
main.cf : smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination check_client_access cidr:/path/to/filter_hosts, reject /path/to/filter_hosts : 22.214.171.124/21 permit_auth_destination 0.0.0.0/0 REJECT Please use the MX host Being a bit slow on the draw this morning I see that Charles has suggested fundamentally the same thing, just done differently.