
Re: Isolating SMTP to a single band of 8 IP's

  • Keith Steensma
    Message 1 of 6 , Nov 2, 2011
      The original message from the company said 'It's a block of 8 Class C networks'.  I (just) read things wrong.  And said (to myself), 'self', that's 8 ip's, right, right! (Dumb!!)  Thanks to all.

      Keith

      On 11/2/2011 11:00 AM, /dev/rob0 wrote:
      On Wednesday 02 November 2011 10:43:35 Keith Steensma wrote:
      
      It's been a long time since I have participated in this list (goes
      to show how good Postfix is when it can run for years with so few
      problems).  Our company has decided to start using an outside SPAM
      filtering service. Overall, this is doing a very good job.  But we
      are getting SPAM directly into our system and I need to block all
      outside SMTP connections except the connections from a group of 8
      IP addresses.
      
            CIDR notation: 199.89.0.0/21
            Netmask notation: 199.89.0.0 with a netmask of 255.255.248.0
            Address range: 199.89.0.0 through 199.89.7.255
      
      That is of course much more than 8 addresses, that is 8 * 256. But no 
      matter.
      
      
      I tried (from "Getting selective with SMTP access restriction
      lists" web page)
      
      smtpd_recipient_restrictions = permit_mynetworks,
      reject_unauth_destination
      mynetworks = 127.0.0.0/8, 192.168.1.0/24, 199.89.0.0/21
      
      But that only solved half the problem.  Mail is still getting in
      from IPs (like from 203.200.235.214 by 125.160.50.143)
      
      Can anyone offer a suggestion how to fix this problem the right
      way?
      
      main.cf :
      
      smtpd_recipient_restrictions = permit_mynetworks,
          reject_unauth_destination
          check_client_access cidr:/path/to/filter_hosts, reject
      
      /path/to/filter_hosts :
      199.89.0.0/21			permit_auth_destination
      0.0.0.0/0				REJECT Please use the MX host
      
      Being a bit slow on the draw this morning I see that Charles has 
      suggested fundamentally the same thing, just done differently.
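
An added example, not part of the original messages: a minimal Python model of how the posted `cidr:` table is searched (patterns are tried in order and the first match wins), applied to addresses mentioned in the thread. It handles only plain `pattern result` lines, and the function names are assumptions made for illustration.

```python
import ipaddress

# Table contents as posted in the thread (the file path there is a placeholder).
FILTER_HOSTS = """\
199.89.0.0/21   permit_auth_destination
0.0.0.0/0       REJECT Please use the MX host
"""


def parse_cidr_table(text):
    """Parse 'pattern result' lines, skipping blank lines and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        # strict=True rejects patterns with host bits set, e.g. 199.89.1.0/21
        rules.append((ipaddress.ip_network(pattern, strict=True), result))
    return rules


def lookup(rules, client_ip):
    """Return the result of the first pattern that contains client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for net, result in rules:
        if addr.version == net.version and addr in net:
            return result
    return None  # no pattern matched


def block_summary(cidr):
    """Return (total addresses, number of /24 networks) for an IPv4 block."""
    net = ipaddress.ip_network(cidr)
    return net.num_addresses, len(list(net.subnets(new_prefix=24)))


RULES = parse_cidr_table(FILTER_HOSTS)

if __name__ == "__main__":
    print("199.89.0.0/21 ->", block_summary("199.89.0.0/21"))
    # The first and last addresses of the block, the first address past it,
    # and the two outside clients named in the thread.
    for ip in ("199.89.0.0", "199.89.7.255", "199.89.8.0",
               "203.200.235.214", "125.160.50.143"):
        print(ip, "->", lookup(RULES, ip))
```

In the posted `main.cf`, `permit_mynetworks` is evaluated before `check_client_access`, so clients in `mynetworks` never reach the catch-all `0.0.0.0/0` line.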
      