[CentOS] Postfix / Postini question

Feizhou feizhou at graffiti.net
Thu Jun 30 06:34:56 UTC 2005


Barry Brimer wrote:
> Quoting Feizhou <feizhou at graffiti.net>:
> 
> 
>>Barry Brimer wrote:
>>
>>>I have a mail server that handles several domains.  One of these domains
>>
>>has
>>
>>>decided to use Postini.  For those not familiar with Postini, you set your
>>
>>MX
>>
>>>records to use their mail servers.  They filter mail, and deliver you only
>>
>>the
>>
>>>clean virus/spam free mail.  The idea is to only allow incoming mail from
>>
>>their
>>
>>>mail servers so spammers are unable to send to your mail server directly.
>>
>>This
>>
>>>is fairly simple to do with standard restriction classes for a dedicated
>>
>>mail
>>
>>>server.  I am not sure how to accomplish this on a shared mail server.
>>
>>Ideally
>>
>>>I would like to instruct postfix to accept mail from anywhere for all
>>
>>domains
>>
>>>except one domain (the one using Postini) and only allow mail destined for
>>
>>that
>>
>>>specific domain to originate from Postini's mail servers.  Any ideas would
>>
>>be
>>
>>>greatly appreciated.
>>
>>check_recipient_access
>>		key		value
>>		postini-domain	postini-domain-restrictions
>>
>>smtpd-restrictions
>>	postini-domain-restrictions
>>
>>postini-domain-restrictons
>>	check_client_access
>>		key			value
>>		postini-ips/rdns	OK
>>	check_client_access
>>		key			value
>>		anything(regex/pcre)	REJECT
> 
> 
> Thanks for your response.  For further clarification, my understanding of your
> instructions are as follows.  Please correct any mistakes I have made.  My
> domain will be example.com
> 
> 1.  Add an additional line to my smtpd_recipient_restrictions that reads:
> 
> check_recipient_access hash:/etc/postfix/recipient_checks
> 
> The contents of this file should read
> 
> example.com        example.com-restrictions
> 
> Once completed, I run postmap against this file.
> 
> 2.  I currently use smtpd_recipient_restrictions for my access control.  Can I
> include the example.com-restrictions directive in my
> smtpd_recipient_restrictions, or does it really belong in
> smtpd_sender_restrictions?  Is there actually a plain smtpd_restrictions
> directive I am missing?

Ack, sorry that should be smtpd_restriction_classes

Putting all non restriction-classes rules under 
smtpd_recipient_restrictions is fine.
> 
> 3.  example.com-restrictions is referenced in smtpd_xxx_restrictions above.
> If I understand correctly, I should add a line to my
> main.cf above my smtpd_recipient_restrictions that says:

No, after the smtpd_restriction_classes declaration(s)

smtpd_restriction_classes = example.com-restrictions
	{more if you have}

Followed by the rule declarations per restriction class.
> 
> example.com-restrictions =
>    check_client_access regexp:/etc/postfix/example.com-restrictions.regexp
> 
> The contents of this file should read:
> 
> name or ip of postini-allowed mail server1 OK
> name or ip of postini-allowed mail server2 OK
> name or ip of postini-allowed mail server3 OK
> name or ip of postini-allowed mail server4 OK
> /^.*/ REJECT
> 
> Thanks so much for your help, any input/correction/validation of this
> information is greatly appreciated!

You are welcome.



More information about the CentOS mailing list