[CentOS] postfix and mail origin checks

Wed Jul 29 13:50:48 UTC 2009
Spook ZA <spookza at gmail.com>

Hi

2009/7/29 Karanbir Singh <mail-lists at karan.org>
>
> On 07/29/2009 01:58 PM, RedShift wrote:
> >> Emails to other destinations should remain unaffected.
> ^^
>
> > The easiest way is probably to edit master.cf and make smtpd only listen on localhost:25.
>
> well, no. The machine gets a few thousand other emails from all over the
> place. Would not want to stop that :)
>
>  > Otherwise use an access table.
>
> how ?

I personally have separated my interfaces using master.cf (one for
internal and one for external and one for anti-virus from localhost).

192.168.1.1:25       inet    n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=
222.22.22.333:25      inet  n       -       n       -       -       smtpd
#
# Anti-virus
#
amavisd-new unix      -      -             n      -    2       smtp
  -o smtp_data_done_timeout=1200s
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet     n       -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes

I override smtpd_client_restrictions from internal so that it doesn't
try to look up RBLs and the last part is the anti-virus re-injection.

Other than that, I haven't investigated further what other rules you can apply.

This is similar to what Andreas Rogge has suggested elsewhere in this thread.

Regards,
  Andrew.
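
An added example, not part of the original message: a small audit of a master.cf laid out as above, checking that emptied restrictions (the -o smtpd_client_restrictions= and -o content_filter= overrides) only appear on internal or loopback listeners and that the re-injection listener still ends in reject. The function names, the internal_nets default and the 203.0.113.10 external address are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the post's layout; 203.0.113.10 is a placeholder external address.
SAMPLE_MASTER_CF = """\
192.168.1.1:25    inet  n  -  n  -  -  smtpd
  -o smtpd_client_restrictions=
203.0.113.10:25   inet  n  -  n  -  -  smtpd
# Anti-virus
127.0.0.1:10025   inet  n  -  n  -  -  smtpd
  -o content_filter=
  -o smtpd_client_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Return each service entry with its per-service -o overrides."""
    services = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored
        tok = raw.split()
        if raw[0].isspace() and services:
            services[-1]["args"] += tok  # leading whitespace continues the entry
        else:
            services.append({"service": tok[0], "type": tok[1], "command": tok[7], "args": tok[8:]})
    for s in services:
        a = s["args"]
        s["overrides"] = dict(v.split("=", 1) for k, v in zip(a, a[1:]) if k == "-o" and "=" in v)
    return services

def audit_listeners(services, internal_nets=("127.0.0.0/8", "192.168.1.0/24")):
    """Report smtpd listeners whose emptied restrictions are reachable from outside."""
    findings = []
    for s in services:
        o = s["overrides"]
        if s["type"] != "inet" or s["command"] != "smtpd":
            continue
        try:
            addr = ipaddress.ip_address(s["service"].rsplit(":", 1)[0].strip("[]"))
            internal = any(addr in ipaddress.ip_network(n) for n in internal_nets)
        except ValueError:
            internal = False  # bare service name: bound to every interface
        relaxed = "" in (o.get("smtpd_client_restrictions"), o.get("content_filter"))
        if relaxed and not internal:
            findings.append((s["service"], "checks relaxed on a non-internal address"))
        if o.get("content_filter") == "" and not o.get("smtpd_recipient_restrictions", "").endswith("reject"):
            findings.append((s["service"], "re-injection listener does not end in reject"))
    return findings
```

Run audit_listeners(parse_master_cf(open("/etc/postfix/master.cf").read()), internal_nets=...) with your own internal ranges; an empty list means no relaxed listener is exposed.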