On 11/12/2012 10:26, Tom Kinghorn wrote:
> Good day list.
>
> Without the use of policyd or postfwd, is it possible to
> limit connections to your mail server from a specific country only?
>
> I was thinking something like:
>
> mynetworks = $config_directory/mynetworks
> countryips = $config_directory/country_ips
>
> smtpd_client_restrictions =
>     check_client_access regexp:/etc/postfix/fqrdns.regexp,
>     permit_mynetworks,
>     permit_countryips,
>     .........
>     .........
>
> Just wondering if it's possible.

Technically, it's possible. But IP geolocation is both complex and
imprecise. Your $config_directory/country_ips file will need to be
updated regularly and will be very large.

If I was going to do it, I'd use a database backend (such as MySQL) and
query that rather than using a flat file. It will be more efficient, and
easier to maintain.

But I don't think I'd try to do it at all, unless there was a very good
reason. Even with regular updates, you will still have a significant
risk of false positives causing mail to be rejected when it should be
delivered as well as mail accepted that you want to reject. As well as
direct connections, you have to allow for the fact that many people may
be using webmail servers (eg, Gmail, Hotmail, Yahoo, or a variety of
corporate hosted solutions) that are not in their own country. So the IP
of the sending server is, at best, only a rough guide to the location of
the sending person.

Mark
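
The flat-file approach and the false-positive risk discussed in this thread, as an added example that is not part of the original messages: it builds a Postfix cidr: access table from a country's address ranges and emulates the table's first-match lookup. The ranges are constructed documentation networks, the file path in the comment is hypothetical, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample allocations for the allowed country (documentation
# ranges, not real geolocation data). Real input would be a registry or
# GeoIP export that has to be refreshed regularly.
COUNTRY_RANGES = [
    "198.51.100.0/25",
    "198.51.100.128/25",  # adjacent to the previous net, merges into a /24
    "203.0.113.0/26",
    "203.0.113.16/28",    # already inside the /26, dropped when collapsed
]

def build_cidr_table(ranges):
    """Return the lines of a Postfix cidr: table: listed nets OK, the rest REJECT."""
    nets = [ipaddress.ip_network(r, strict=True) for r in ranges]
    merged = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    lines = [f"{net}\tOK" for net in merged]
    # The catch-all must come last: cidr: tables stop at the first match.
    lines.append("0.0.0.0/0\tREJECT Connections from your region are not accepted")
    return lines

def lookup(table_lines, client_ip):
    """Emulate the first-match search of a cidr: table for one client address."""
    addr = ipaddress.ip_address(client_ip)
    for line in table_lines:
        pattern, action = line.split(None, 1)
        if addr in ipaddress.ip_network(pattern):
            return action.split()[0]
    return "DUNNO"  # no pattern matched

if __name__ == "__main__":
    table = build_cidr_table(COUNTRY_RANGES)
    print("\n".join(table))
    # Hypothetical main.cf usage, with the table saved under an assumed path:
    #   smtpd_client_restrictions = permit_mynetworks,
    #       check_client_access cidr:/etc/postfix/country_ips.cidr
    # Constructed clients: a host inside the country, and a webmail relay
    # hosted abroad that carries mail written by a user inside the country.
    for label, ip in [("in-country host", "198.51.100.200"),
                      ("foreign-hosted webmail relay", "192.0.2.25")]:
        print(f"{label} {ip}: {lookup(table, ip)}")
```

The second client is rejected although its sender is in the allowed country, because the table only ever sees the address of the connecting server.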