On 2013-10-25 3:41 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
On Fri, Oct 25, 2013 at 02:21:11PM -0500, Noel Jones wrote:
1. block all *.linkedin.com clients BEFORE any
permit_sasl_authenticated statement. This will also have the effect
of blocking all incoming linkedin mail. That may be a little too
strict for some folks, or maybe just fine with others.
If submission is on port 587, then one can block linked in there,
without blocking mail from linked-in.
Thanks Victor, I knew there had to be a way to do it only for submissions...
But should this check go directly on the submission service, ie:
submission inet n - n - - smtpd
-o syslog_name=postfix-587 -o smtpd_tls_security_level=encrypt
-o smtpd_tls_auth_only=yes
-o
smtpd_client_restrictions=check_client_access,${cidr}/blocked_clients.cidr,permit_sasl_authenticated,reject
(Is that right? Use a comma instead of a space between
check_client_access and the map?)
or in the relay_restrictions, ie:
check_client_access ${cidr}/blocked_clients.cidr,
permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
Now the only question is, do their connections actually use
*.linkedin.com hosts, or some other hosts... like maybe *.rapportive.com
(supposedly this new service is based on the Rapportive service LinkedIn
acquired last year.
Maybe I'll just block both for now to be sure...
Thanks again,
--
Best regards,
*/Charles/*
