Thomas:
> Hello,
> i try to figure out how to restrict ACCESS to the SMTP daemon.
>
> With that, i mean something like the tcpwrapper for SMTP/SMTPS ...
>
> For what?
>
> I have several root-Servers, vServer and Xen domains - only one is the
> mail system and should be available for mail from the internet.
>
> The others servers use the mail server as the smart relay ("relayhost =
> ...") and have mynetworks at "" or "127.0.0.1/8 <myip>/32". I think, i
> could solve this with mynetworks = "" and mynetworks_style = host ...
>
> But those servers also need to RECEIVE mail - from the other servers at
> least.
> That means, for example, they need to receive mail from the mail system
> - and for that, they need a running smtpd.
>
> But all other servers in the internet shall never be able to access
> those smtp daemons ...
> And this is not about relaying for for this or that recipient, but just
> to drop access from all oter networks and IPs.
>
> How to do that?!?!
> I just could not find a way :-(
http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.postfix.org/access.5.html
http://www.postfix.org/cidr_table.5.html
/etc/postfix/main.cf
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/client_access
/etc/postfix/client_access
192.168.0.0/28 OK
192.168.1.1/32 OK
0.0.0.0/0 REJECT
Use smtpd_CLIENT_restrictions not smtpd_RECIPIENT_restrictions.
Wietse
