Re: Port based acl's ?
On Mon, Mar 25, 2013 at 02:44:57AM +0000, Billy Blanco wrote:
> Does postfix support 'port based' acl's?
> I'm trying to set it up in a way to only allow postini connections
> over port 25 (apparently they won't deliver over any other port),
> while having all other clients connect over port 465.

SMTPS (SMTP over SSL) is deprecated and not recommended. Submission
should be done on 587 (submission) using TLS and SASL.

> Been combing the docs and haven't found anything useful yet.

http://www.postfix.org/SMTPD_ACCESS_README.html

> I know I could do something with iptables or on the network level,
> but kind of like the idea of postfix handling the rejects with a
> custom message returned back to the sender and a log entry made.
> If possible, examples would be great.

main.cf :
smtpd_recipient_restrictions = reject_unauth_destination,
    check_client_access cidr:/etc/postfix/postini.cidr, reject
# Doing the Postfix 2.10.x copout, sorry. Read the 2.10 release
# notes if you're using 2.10.x and want to use this new feature.
submission_recipient_restrictions = permit_sasl_authenticated,

master.cf (under each smtpd for smtps and submission):

# List all Postini outbound relays as a CIDR expression or as single
# IP addresses without the /xx
0.0.0.0/0 reject This host is not MX for example.com, go away.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
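
An added example, not part of the original message: a small Python model of the first-match lookup that a cidr: table such as postini.cidr is subject to, for checking a table before deploying it. It also shows that the 0.0.0.0/0 catch-all covers IPv4 only, so an IPv6 client matches nothing in the table and is handled by the trailing "reject" in main.cf rather than by the custom message. The permitted ranges are constructed placeholders (RFC 5737 documentation networks), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in cidr_table(5) format. The permitted ranges are
# RFC 5737 documentation networks standing in for the real relay list.
SAMPLE_TABLE = """\
# placeholder relay ranges (constructed)
192.0.2.0/24    OK
198.51.100.17   OK
0.0.0.0/0       reject This host is not MX for example.com, go away.
"""

def parse_cidr_table(text):
    """Return [(network, action)] in file order, skipping blanks and comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: pattern without an action")
        # strict=True rejects host bits set in the network part; a bare
        # address becomes a single-host network (/32 or /128).
        rules.append((ipaddress.ip_network(fields[0], strict=True), fields[1]))
    return rules

def lookup(rules, client_ip):
    """First match wins. None means no match, so the next restriction decides."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr.version == net.version and addr in net:
            return action
    return None

def families_without_catch_all(rules):
    """IP versions (4, 6) that have no /0 rule, so unmatched clients fall through."""
    covered = {net.version for net, _ in rules if net.prefixlen == 0}
    return sorted({4, 6} - covered)

if __name__ == "__main__":
    rules = parse_cidr_table(SAMPLE_TABLE)
    for ip in ("192.0.2.55", "198.51.100.18", "2001:db8::1"):
        print(ip, "->", lookup(rules, ip) or "no match (trailing 'reject' applies)")
    print("no catch-all for IPv", families_without_catch_all(rules))
```

On a host with Postfix installed, `postmap -q 198.51.100.18 cidr:/etc/postfix/postini.cidr` runs the real lookup against the deployed table.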