On 22/07/2010 11:54, Denis BUCHER wrote:
> Dear all,
>
> After hours of reading websites and this mailing list, and after many
> unsuccessful tries, I would be happy if someone could help me.
>
> I want to allow some incoming networks to be allowed to connect to our
> servers and all the rest to be blocked.
>
> This is the solution that I ended with (but it doesn't work):
>
> 1. I added this in main.cf:
> smtpd_client_restrictions = check_client_access cidr:/etc/postfix/access
>
> 2. I added this to /etc/postfix/access:
> 216.82.240.0/20 OK
> 213.213.213.213 REJECT
>
> 3. I did:
> postmap access
> /etc/init.d/postfix reload
>
> 4. But now when I try a "telnet (this machine) 25" from 213.213.213.213
> I get "Welcome" and I am not rejected?
>
> Could someone tell me what I did wrong?

It will be rejected if you attempt to send a mail. For example:

telnet my.server 25
Trying my.server...
Connected to my.server.
Escape character is '^]'.
220 my.server ESMTP Postfix <- you're expecting it to reject here
HELO other.server
250 my.server
MAIL FROM: <m...@example.com>
250 Ok
RCPT TO: <m...@my.server>
554 <[213.213.213.213]>: Client host rejected: Access denied

If you don't want the server to even respond on port 25 for those
addresses, then you need to block it further upstream.

Mark
--
http://mark.goodge.co.uk
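
Added example, not part of the original thread: a small Python evaluator for the cidr: access table from the question, assuming first-match-wins lookup as Postfix cidr tables use. The function names and the third test address are constructed for illustration. It shows that a client matching no line gets no verdict from this table, so "all the rest" is not blocked by these two lines alone.

```python
import ipaddress

# Constructed copy of the table from the question, plus a comment line.
ACCESS_TABLE = """\
# /etc/postfix/access
216.82.240.0/20 OK
213.213.213.213 REJECT
"""


def parse_cidr_table(text):
    """Return [(network, action), ...] in file order."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'pattern action'")
        pattern, action = parts
        # strict=True refuses patterns with host bits set, e.g. 216.82.241.0/20
        network = ipaddress.ip_network(pattern, strict=True)
        rules.append((network, action.strip()))
    return rules


def lookup(rules, client_ip):
    """First matching line wins; None means the table gave no verdict."""
    addr = ipaddress.ip_address(client_ip)
    for network, action in rules:
        if addr.version == network.version and addr in network:
            return action
    return None


def audit(rules, clients):
    """Map each client address to the action the table yields for it."""
    return {ip: lookup(rules, ip) for ip in clients}


if __name__ == "__main__":
    rules = parse_cidr_table(ACCESS_TABLE)
    sample = ["216.82.241.5", "213.213.213.213", "198.51.100.7"]
    for ip, verdict in audit(rules, sample).items():
        print(f"{ip:16} -> {verdict or 'no match, later restrictions decide'}")
```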