it didn't work with changes in mynetworks. if i elaborate the setup, it's like the following:

main external relay -> internal relay (internal-192.168.100.0/24) -> finally mails reach exchange (192.168.100.122)

i want internal relay should not receive any mails other than from external relay

the following is the config of internal relay:

inet_protocols = all
inet_interfaces = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual #pcre:/etc/postfix/virtual_pcre
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
myorigin = example.com
myhostname = relay.exmple.com
mydestination =
defer_transports =
local_transport = error:local mail delivery is disabled
local_recipient_maps =
mynetworks_style = subnet
relay_domains = example.com
mynetworks = 192.168.100.122/32 127.0.0.0/8
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
    check_recipient_access hash:/etc/postfix/roleaccount_exceptions
    reject_non_fqdn_hostname
    reject_invalid_hostname
    check_helo_access pcre:/etc/postfix/helo_checks
    permit

[courtesy: the book of postfix]

the log files:
-------------
log of telnet session from a different network: external ip:192.168.2.75:

Jun 21 22:33:14 relay postfix/smtpd[4006]: connect from unknown[192.168.2.75]
Jun 21 22:33:53 relay postfix/smtpd[4006]: CA96E1805B4: client=unknown[192.168.2.75]
Jun 21 22:33:59 relay postfix/cleanup[4009]: CA96E1805B4: message-id=<20090621203353.ca96e180...@relay.example.com>
Jun 21 22:33:59 relay postfix/qmgr[4001]: CA96E1805B4: from=<b...@abc.com>, size=359, nrcpt=1 (queue active)
Jun 21 22:34:00 relay postfix/smtp[4010]: CA96E1805B4: to=<ad...@example.com>, relay=192.168.100.122[192.168.100.122]:25, delay=29, delays=29/0.01/0/0.17, dsn=2.6.0, status=sent (250 2.6.0 <20090621203353.ca96e180...@relay.example.com> Queued mail for delivery)

the above is undesirable

log of relay from allowed network: external ip:192.168.3.11:

Jun 21 22:38:53 relay postfix/smtpd[4011]: connect from relay2.abc.com[192.168.3.11]
Jun 21 22:38:54 relay postfix/smtpd[4011]: 42AC61805B4: client=relay2.abc.com[192.168.3.11]
Jun 21 22:38:54 relay postfix/cleanup[4014]: 42AC61805B4: message-id=<worldclient-f200906212238.aa38500...@abc.com>
Jun 21 22:38:54 relay postfix/qmgr[4001]: 42AC61805B4: from=<b...@abc.com>, size=2292, nrcpt=1 (queue active)
Jun 21 22:38:54 relay postfix/smtpd[4011]: disconnect from relay2.abc.com[192.168.3.11]
Jun 21 22:38:55 relay postfix/smtp[4015]: 42AC61805B4: to=<ad...@example.com>, relay=192.168.100.122[192.168.100.122]:25, delay=1, delays=0.79/0.01/0/0.22, dsn=2.6.0, status=sent (250 2.6.0 <worldclient-f200906212238.aa38500...@abc.com> Queued mail for delivery)

the above is desirable

how can i restrict internal relay host to accept only from external relay host (relay2.abc.com), or do i miss something obvious!

appreciate help

On Sun, Jun 21, 2009 at 3:12 PM, Ralf Hildebrandt <ralf.hildebra...@charite.de> wrote:

> * K bharathan <kbhara...@gmail.com>:
> > my setup:
> > external relay1 -->internal postfix mail server
> >
> > how can i restrict postfix to receive only mails from relay1; can i do it
> > through a access map?
>
> mynetworks = externalrelay1
>
> smtpd_recipient_restrictions =
>    permit_mynetworks
>    reject
>
> --
> Ralf Hildebrandt
> Postfix - Einrichtung, Betrieb und Wartung   Tel. +49 (0)30-450 570-155
> http://www.computerbeschimpfung.de
> One of my frequent mistakes is to believe users' interpretation
> of what is happening. -- Wietse
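
Added example (not part of the original thread and not Postfix code): a simplified Python model of how smtpd_recipient_restrictions is evaluated, run against the restriction list posted above and against the two-entry list from the quoted reply. The function names, the recipient address and the use of 192.168.3.11/32 as the external relay's mynetworks entry are assumptions made for the illustration.

```python
import ipaddress

# Simplified model (assumption, not Postfix source): smtpd_recipient_restrictions
# is walked left to right, each entry returns OK, REJECT or no decision, and the
# first decision wins. Syntax, DNS and map lookups are treated as "no decision",
# which is what they return for a well-formed message that matches no map entry.

def in_networks(client_ip, networks):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in networks)

def evaluate(restrictions, client_ip, rcpt, mynetworks, relay_domains):
    """Return (decision, deciding_restriction) for one RCPT TO."""
    rcpt_domain = rcpt.rsplit("@", 1)[1].lower()
    for entry in restrictions:
        name = entry.split()[0]
        if name == "permit_mynetworks" and in_networks(client_ip, mynetworks):
            return "OK", name
        if name == "reject_unauth_destination" and rcpt_domain not in relay_domains:
            # Only rejects recipients outside the domains this host relays for
            # (exact match here; subdomain matching is not modelled).
            return "REJECT", name
        if name == "permit":
            return "OK", name
        if name == "reject":
            return "REJECT", name
    return "OK", "(end of list)"

# Restriction list and values as posted in the message above.
POSTED = [
    "reject_non_fqdn_recipient", "reject_non_fqdn_sender",
    "reject_unknown_sender_domain", "reject_unknown_recipient_domain",
    "permit_mynetworks", "reject_unauth_destination",
    "check_recipient_access hash:/etc/postfix/roleaccount_exceptions",
    "reject_non_fqdn_hostname", "reject_invalid_hostname",
    "check_helo_access pcre:/etc/postfix/helo_checks", "permit",
]
POSTED_NETS = ["192.168.100.122/32", "127.0.0.0/8"]
# The quoted reply's list, with mynetworks set to the external relay's address from the log.
SUGGESTED = ["permit_mynetworks", "reject"]
RELAY_ONLY = ["192.168.3.11/32"]
RCPT = "user@example.com"  # constructed; the real address is elided in the log

if __name__ == "__main__":
    for ip in ("192.168.2.75", "192.168.3.11"):
        print(ip, "posted:", evaluate(POSTED, ip, RCPT, POSTED_NETS, {"example.com"}))
        print(ip, "suggested:", evaluate(SUGGESTED, ip, RCPT, RELAY_ONLY, {"example.com"}))
```

In this model the posted list accepts both clients at the trailing permit: neither address is in mynetworks, and reject_unauth_destination makes no decision for a recipient in relay_domains. The two-entry list accepts only the client listed in mynetworks.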