we already have this access restrictions in place:
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_unknown_recipient_domain
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
,but we have decided to further restrict the access to our server by
allowing only people from our IP pool to authenticate and then send
mail. But I cannot see an easy way to accomplish this. Can anybody help
me, please?
We are using postfix-2.0.9 on Linux servers.
--
***********************************************************************
Pavel Urban (pavel...@hq.iol.cz)
IOL system disaster
Internet OnLine, www.iol.cz
***********************************************************************
Vegetables should not operate electronic equipment.
Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
Oh, I've forgot to say that mynetworks is set to internal servers only,
so they are able to relay.
> smtpd_recipient_restrictions =
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
>
> ,but we have decided to further restrict the access to our server by
> allowing only people from our IP pool to authenticate and then send
> mail. But I cannot see an easy way to accomplish this. Can anybody help
> me, please?
You must use smtpd_restriction_classes for that.
smtpd_restriction_classes = must_authenticate
must_authenticate =
permit_sasl_authenticated
reject_unauth_destination
permit
smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_unknown_recipient_domain
check_client_access hash:/etc/postfix/mynetworks
reject_unauth_destination
permit
in /etc/postfix/mynetworks:
10 must_authenticate
192.168 must_authenticate
--
Ralf Hildebrandt Ralf.Hil...@charite.de
my current spamtrap spam...@charite.de
http://www.arschkrebs.de/postfix/ Tel. +49 (0)30-450 570-155
If I had a ( for every $ the government spent, what would I have?
Typical unix response: Too many ('s.
Yes! It works! Thanks a lot! The only thing that puzzles me is that I
thought that:
10 must_authenticate
192.168 must_authenticate
* REJECT "Our-nasty-message"
should work, but it doesn't...
> >in /etc/postfix/mynetworks:
> >
> >10 must_authenticate
> >192.168 must_authenticate
> >
>
> Yes! It works! Thanks a lot! The only thing that puzzles me is that I
> thought that:
>
> 10 must_authenticate
> 192.168 must_authenticate
> * REJECT "Our-nasty-message"
>
> should work, but it doesn't...
What makes you think it should work? man 5 access does not list "*" as
a valid LHS.
--
Ralf Hildebrandt Ralf.Hil...@charite.de
my current spamtrap spam...@charite.de
http://www.arschkrebs.de/postfix/ Tel. +49 (0)30-450 570-155
There is no reason for any individual to have a computer in their home.
--Ken Olson, President of DEC, World Future Society Convention, 1977
I see. Is it somehow possible to specify my custom message for IP
addresses that don't match listed ones, then?
> >What makes you think it should work? man 5 access does not list "*" as
> >a valid LHS.
> >
>
> I see. Is it somehow possible to specify my custom message for IP
> addresses that don't match listed ones, then?
You could try a regexp map
--
Ralf Hildebrandt Ralf.Hil...@charite.de
my current spamtrap spam...@charite.de
http://www.arschkrebs.de/postfix/ Tel. +49 (0)30-450 570-155
#!/bin/sh
cat <<EOF | dc -e "[lila/sulila%Plusili0<y]sy?si256salyx"
403736150440747681954588245935305944858835839713675044439128476844672\
007875165788798502153167817380873133828163530564
EOF