Quoting Feizhou feizhou@graffiti.net:
Barry Brimer wrote:
I have a mail server that handles several domains. One of these domains
has
decided to use Postini. For those not familiar with Postini, you set your
MX
records to use their mail servers. They filter mail, and deliver you only
the
clean virus/spam free mail. The idea is to only allow incoming mail from
their
mail servers so spammers are unable to send to your mail server directly.
This
is fairly simple to do with standard restriction classes for a dedicated
server. I am not sure how to accomplish this on a shared mail server.
Ideally
I would like to instruct postfix to accept mail from anywhere for all
domains
except one domain (the one using Postini) and only allow mail destined for
that
specific domain to originate from Postini's mail servers. Any ideas would
be
greatly appreciated.
check_recipient_access key value postini-domain postini-domain-restrictions
smtpd-restrictions postini-domain-restrictions
postini-domain-restrictons check_client_access key value postini-ips/rdns OK check_client_access key value anything(regex/pcre) REJECT
Thanks for your response. For further clarification, my understanding of your instructions are as follows. Please correct any mistakes I have made. My domain will be example.com
1. Add an additional line to my smtpd_recipient_restrictions that reads:
check_recipient_access hash:/etc/postfix/recipient_checks
The contents of this file should read
example.com example.com-restrictions
Once completed, I run postmap against this file.
2. I currently use smtpd_recipient_restrictions for my access control. Can I include the example.com-restrictions directive in my smtpd_recipient_restrictions, or does it really belong in smtpd_sender_restrictions? Is there actually a plain smtpd_restrictions directive I am missing?
3. example.com-restrictions is referenced in smtpd_xxx_restrictions above. If I understand correctly, I should add a line to my main.cf above my smtpd_recipient_restrictions that says:
example.com-restrictions = check_client_access regexp:/etc/postfix/example.com-restrictions.regexp
The contents of this file should read:
name or ip of postini-allowed mail server1 OK name or ip of postini-allowed mail server2 OK name or ip of postini-allowed mail server3 OK name or ip of postini-allowed mail server4 OK /^.*/ REJECT
Thanks so much for your help, any input/correction/validation of this information is greatly appreciated!
Thanks! Barry