[CentOS] postfix and mail origin checks

Spook ZA spookza at gmail.com
Wed Jul 29 13:50:48 UTC 2009


Hi

2009/7/29 Karanbir Singh <mail-lists at karan.org>
>
> On 07/29/2009 01:58 PM, RedShift wrote:
> >> Emails to other destinations should remain unaffected.
> ^^
>
> > The easiest way is probably to edit master.cf and make smtpd only listen on localhost:25.
>
> well, no. The machine gets a few thousand other emails from all over the
> place. Would not want to stop that :)
>
>  > Otherwise us an access table.
>
> how ?

I personally have separated my interfaces using master.cf (one for
internal and one for external and one for anti-virus from localhost).

192.168.1.1:25       inet    n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=
222.22.22.333:25      inet  n       -       n       -       -       smtpd
#
# Anti-virus
#
amavisd-new unix      -      -             n      -    2       smtp
  -o smtp_data_done_timeout=1200s
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet     n       -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes

I override smtpd_client_restrictions from internal so that it doesnt
try look up RBLs and the last part is the anti-virus re-injection.

Other than that, I havent investigated further what other rules you can apply.

This is similar to what Andreas Rogge has suggested elsewhere in this thread.

Regards,
  Andrew.



More information about the CentOS mailing list