Re: [CentOS] postfix and mail origin checks
On 07/29/2009 01:58 PM, RedShift wrote:
>> Emails to other destinations should remain unaffected.
^^
> The easiest way is probably to edit master.cf and make smtpd only listen
> on localhost:25.

well, no. The machine gets a few thousand other emails from all over the place. Would not want to stop that :)

> Otherwise use an access table.

how ?

--
Karanbir Singh : http://www.karan.org/ : 2522...@icq
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] postfix and mail origin checks
RedShift wrote:
> Karanbir Singh wrote:
>> What's the 'robust' way to make sure email to a specific destination is
>> only accepted if it came over the localhost:25 or /usr/sbin/sendmail
>> route ? anything else should get a 5xx error.
>>
>> Emails to other destinations should remain unaffected.
>>
>> Using postfix/c4. Had a look around, and header_checks might be one way
>> to go.
>
> The easiest way is probably to edit master.cf and make smtpd only listen
> on localhost:25.

Ummm. The question was how to *identify* mails coming from localhost, not restrict everything to localhost.

> Otherwise use an access table.

I'd be curious how you would do that.

Ralph
Re: [CentOS] postfix and mail origin checks
hi,

> What's the 'robust' way to make sure email to a specific destination is
> only accepted if it came over the localhost:25 or /usr/sbin/sendmail
> route ? anything else should get a 5xx error.
>
> Emails to other destinations should remain unaffected.

I guess you should need to configure two incoming variants in master.cf, so you have one smtpd listening for localhost and one on the real ip. For the one on the real ip you just set a recipient restriction that disallows your specific destination (directly in master.cf itself).

I didn't test, but it should work.

Regards,
Andreas

--
Solvention
Egermannstr. 6-8
53359 Rheinbach
Tel: +49 2226 158179-0
Fax: +49 2226 158179-9
http://www.solvention.de
mailto:i...@solvention.de
Re: [CentOS] postfix and mail origin checks
Hi

2009/7/29 Karanbir Singh mail-li...@karan.org

> On 07/29/2009 01:58 PM, RedShift wrote:
>>> Emails to other destinations should remain unaffected.
> ^^
>> The easiest way is probably to edit master.cf and make smtpd only listen
>> on localhost:25.
>
> well, no. The machine gets a few thousand other emails from all over the
> place. Would not want to stop that :)
>
>> Otherwise use an access table.
>
> how ?

I personally have separated my interfaces using master.cf (one for internal and one for external and one for anti-virus from localhost).

    192.168.1.1:25 inet n - n - - smtpd
        -o smtpd_client_restrictions=
    222.22.22.333:25 inet n - n - - smtpd
    #
    # Anti-virus
    #
    amavisd-new unix - - n - 2 smtp
        -o smtp_data_done_timeout=1200s
        -o disable_dns_lookups=yes
    127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes

I override smtpd_client_restrictions from internal so that it doesn't try to look up RBLs and the last part is the anti-virus re-injection. Other than that, I haven't investigated further what other rules you can apply.

This is similar to what Andreas Rogge has suggested elsewhere in this thread.

Regards,
Andrew.
Re: [CentOS] postfix and mail origin checks
Karanbir Singh wrote:
> On 07/29/2009 01:58 PM, RedShift wrote:
>>> Emails to other destinations should remain unaffected.
> ^^
>> The easiest way is probably to edit master.cf and make smtpd only listen
>> on localhost:25.
>
> well, no. The machine gets a few thousand other emails from all over the
> place. Would not want to stop that :)
>
>> Otherwise use an access table.
>
> how ?

Start by setting up recipient classes, like this:

    everybody = permit
    limited = check_client_access hash:/etc/postfix/tables/limited_client_access
    smtpd_restriction_classes = everybody, limited
    smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        check_recipient_access hash:/etc/postfix/tables/recipient_access

And now for the tables:

recipient_access:

    mypreci...@example.net limited
    * everybody

limited_client_access:

    1.2.3.4 OK
    * REJECT

I'm quickly writing this almost all out of my head so it might not entirely drop into place.

Glenn
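A working form of the restriction-class approach discussed in this thread, as an added example that is not part of any poster's message. The class name `local_only`, the address `protected@example.net` and the table file names are hypothetical; Postfix access(5) hash tables have no `*` wildcard, so the default is expressed as a trailing `reject` in the class instead of a catch-all table entry.

```conf
# /etc/postfix/main.cf (added example; class and file names are hypothetical)
smtpd_restriction_classes = local_only

# Class body: permit clients listed in the table, reject everyone else (5xx).
local_only =
    check_client_access hash:/etc/postfix/tables/local_only_clients
    reject

# The recipient lookup comes first so that a mynetworks wider than
# localhost cannot let a LAN client through before the class is consulted.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/tables/recipient_access
    permit_mynetworks
    reject_unauth_destination

# /etc/postfix/tables/recipient_access
# Only the protected address is listed. Recipients with no entry fall
# through to the remaining restrictions, so other mail is unaffected.
protected@example.net    local_only

# /etc/postfix/tables/local_only_clients
# Clients allowed to send to the protected address over SMTP.
127.0.0.1    OK

# Rebuild both tables and reload after editing:
#   postmap /etc/postfix/tables/recipient_access
#   postmap /etc/postfix/tables/local_only_clients
#   postfix reload
```

Mail handed to /usr/sbin/sendmail is queued through pickup and never passes through smtpd, so these SMTP restrictions do not apply to it.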