Re: Different smtpd_client_restrictions policies for different recipient domains ?

2012-06-14 Thread /dev/rob0
On Wed, Jun 06, 2012 at 05:42:37PM +0200, Dennis Guhl wrote:
> On Wed, Jun 06, 2012 at 09:15:55AM -0600, David Boreham wrote:
>
> [How to apply a restriction at some connections only?]
>
> > What's the best way to implement this? I think restriction
> > classes are the way to go, but I'm not 100% sure.
>
> They are exactly the way to go.
>
> See here: http://www.postfix.org/RESTRICTION_CLASS_README.html

I have an example of this in my SQLite HOWTO linked from the page 
below. It's not trivial and not well explained in the document, but 
perhaps David will find it useful.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


Different smtpd_client_restrictions policies for different recipient domains ?

2012-06-06 Thread David Boreham


Scratching my head on whether this is possible:

I suppose I want to do something like a database 'join' in my Postfix setup.
e.g. enforce this check_client_access rule if and only if the recipient 
is in one of the following domains...


This has arisen because we use MXLogic to filter inbound email, but only
for a subset of the domains we're hosting.
MXLogic works by pointing the domain MX record at their servers, which
then relay/proxy to our Postfix.
Spammers figure out how to bypass the filtering by delivering directly
to the Postfix server (presumably they spot that mail.foo.com points to
a machine that accepts connections on port 25 and delivery for foo.com).
The way to thwart this filter bypass traffic is to deny local delivery
to clients that are not on MXLogic's subnets. This is easy to do with a
check_client_access directive and a cidr table.


But if there are some domains hosted that are not subject to MXLogic
filtering (their spam filtering is done MUA-side), a global
check_client_access rule won't work because it will deny local delivery
to legitimate MTA traffic for those domains.

Hence the desire to make the subnet restriction domain-specific.

What's the best way to implement this? I think restriction classes are
the way to go, but I'm not 100% sure.

Any pointers appreciated.

Thanks.




Re: Different smtpd_client_restrictions policies for different recipient domains ?

2012-06-06 Thread Dennis Guhl
On Wed, Jun 06, 2012 at 09:15:55AM -0600, David Boreham wrote:

[How to apply a restriction at some connections only?]

> What's the best way to implement this? I think restriction classes
> are the way to go, but I'm not 100% sure.

They are exactly the way to go.

See here: http://www.postfix.org/RESTRICTION_CLASS_README.html

Dennis
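
The restriction-class setup this thread points to, as an added example that is not taken from any poster's message or from the linked HOWTO: a recipient-domain lookup selects a class, and the class applies the client subnet check only for those domains. The class name, file paths, domains and address ranges are assumptions and placeholders.

```conf
# --- /etc/postfix/main.cf (excerpt; file names below are assumptions) ---
# Declare a restriction class and say what it expands to.
smtpd_restriction_classes = filter_only
filter_only = check_client_access cidr:/etc/postfix/filter_clients.cidr

# Restrictions are evaluated once per RCPT TO, so the class applies
# per recipient. Trusted and authenticated clients are permitted first,
# and reject_unauth_destination stays ahead of the lookup so that an OK
# from the class can never turn the server into a relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/filtered_domains

# --- /etc/postfix/filtered_domains (run "postmap" on it after editing) ---
# Recipient domains that sit behind the filtering service. The right-hand
# side is the class name; domains not listed here skip the class entirely.
foo.example        filter_only
bar.example        filter_only

# --- /etc/postfix/filter_clients.cidr (cidr tables need no postmap) ---
# Placeholder documentation ranges; replace with the subnets published
# by the filtering provider.
192.0.2.0/24       OK
198.51.100.0/24    OK
2001:db8::/32      OK
# Everything else is refused for the domains mapped to the class.
0.0.0.0/0          REJECT Deliver to this domain via its MX hosts
::/0               REJECT Deliver to this domain via its MX hosts
```

Domains that do their filtering MUA-side are simply left out of the filtered_domains table, so direct MTA delivery to them is unaffected.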