Re: SMTP relay only
Rocco Scappatura wrote:
> Hello,
>
> I need to set up a mail server for outgoing email only. I clearly would like to restrict access to my networks only. Moreover, I would like to permit only some envelope senders to relay email through such an MTA. And no other envelope sender should be able to relay through this MTA.
>
> So the restriction classes are made so:
>
> smtpd_client_restrictions =
>     check_client_access proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
>
> -- this lets me disable some content checking through filter (Amavisd-new). No matter.
>
> smtpd_helo_restrictions =
> smtpd_sender_restrictions =
> smtpd_recipient_restrictions =
>     check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
>     check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
>     reject

If I understand you, you want something like:
- if IP is in a list of allowed IPs, _and_ if sender is in a list of allowed senders, permit
- anything else is rejected

right?

what you did above is
- if IP _OR_ ...

which is not the same thing. (I am assuming your maps return OK).

you want

smtpd_sender_restrictions =
    check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
    reject
smtpd_recipient_restrictions =
    check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    reject

This is also safer (if check_sender_access accidentally returns an OK, you don't become an open relay).

> Please note that I use check_client_access restriction together with:
>
> mynetworks = /etc/postfix/relay
>
> to limit access to SMTP relay server per IP.

I don't understand this part. I see no permit_mynetworks in the snippet you posted.

[snip]
> This configuration doesn't work. What is conceptually wrong in my config?
>
> Finally I would like to deny message delivery to my mail server.. It should suffice to unset relay_domains or it is too restrictive doing so?

to disable local delivery, check the FIREWALL README.

In addition, if you don't have relay domains, then set

relay_domains =
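
Added example, not part of the thread: a simplified Python model of the restriction-list evaluation described in the reply above, showing why two lookups in one list behave as OR while one lookup per list behaves as AND. The addresses, the sets standing in for the MySQL maps and all function names are constructed for illustration.

```python
# Simplified model of Postfix smtpd restriction lists (illustration only, not Postfix code).
# Within one list the first decisive result wins; mail is refused if any list rejects.

# Constructed sample data standing in for the MySQL lookup tables.
ALLOWED_CLIENTS = {"192.0.2.10"}
ALLOWED_SENDERS = {"billing@example.com"}

def check_client_access(msg):
    return "OK" if msg["client"] in ALLOWED_CLIENTS else "DUNNO"

def check_sender_access(msg):
    return "OK" if msg["sender"] in ALLOWED_SENDERS else "DUNNO"

def reject(msg):
    return "REJECT"

def eval_list(restrictions, msg):
    """Evaluate one list in order; OK ends this list only, REJECT refuses the mail."""
    for restriction in restrictions:
        result = restriction(msg)
        if result in ("OK", "REJECT"):
            return result
    return "DUNNO"  # no decision: this list does not reject

def accepted(config, msg):
    """Mail passes only if none of the configured lists rejects it."""
    return all(eval_list(rs, msg) != "REJECT" for rs in config.values())

# Layout from the question: both lookups in one list, so either OK is enough (OR).
SINGLE_LIST = {
    "smtpd_recipient_restrictions": [check_client_access, check_sender_access, reject],
}
# Layout from the reply: one lookup per list, so both must return OK (AND).
SPLIT_LISTS = {
    "smtpd_sender_restrictions": [check_sender_access, reject],
    "smtpd_recipient_restrictions": [check_client_access, reject],
}

# Constructed test messages.
CASES = {
    "allowed client, allowed sender": {"client": "192.0.2.10", "sender": "billing@example.com"},
    "allowed client, other sender": {"client": "192.0.2.10", "sender": "someone@example.org"},
    "other client, allowed sender": {"client": "203.0.113.5", "sender": "billing@example.com"},
}

def compare():
    """Return {case: (accepted by single list, accepted by split lists)}."""
    return {name: (accepted(SINGLE_LIST, m), accepted(SPLIT_LISTS, m)) for name, m in CASES.items()}

if __name__ == "__main__":
    for name, (single, split) in compare().items():
        print(f"{name:32} single={single!s:5} split={split}")
```

The single-list layout accepts all three cases, while the split layout accepts only the first.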
Re: SMTP relay only
On Sun, Feb 15, 2009 at 03:20:55PM +0100, mouss wrote:

>> Finally I would like to deny message delivery to my mail server.. It should suffice to unset relay_domains or it is too restrictive doing so?
>
> to disable local delivery, check the FIREWALL README.

I think this means:

http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

--
Viktor.
Re: SMTP relay only
> Rocco Scappatura wrote:
>> Hello,
>>
>> I need to set up a mail server for outgoing email only. I clearly would like to restrict access to my networks only. Moreover, I would like to permit only some envelope senders to relay email through such an MTA. And no other envelope sender should be able to relay through this MTA.
>>
>> So the restriction classes are made so:
>>
>> smtpd_client_restrictions =
>>     check_client_access proxy:mysql:/etc/postfix/mysql-check-client-filter-access.cf
>>
>> -- this lets me disable some content checking through filter (Amavisd-new). No matter.
>>
>> smtpd_helo_restrictions =
>> smtpd_sender_restrictions =
>> smtpd_recipient_restrictions =
>>     check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
>>     check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
>>     reject
>
> If I understand you, you want something like:
> - if IP is in a list of allowed IPs, _and_ if sender is in a list of allowed senders, permit
> - anything else is rejected
>
> right?

yes, exactly.

> what you did above is
> - if IP _OR_ ...
>
> which is not the same thing. (I am assuming your maps return OK).
>
> you want
>
> smtpd_sender_restrictions =
>     check_sender_access proxy:mysql:/etc/postfix/mysql-check-sender-access.cf
>     reject
> smtpd_recipient_restrictions =
>     check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
>     reject
>
> This is also safer (if check_sender_access accidentally returns an OK, you don't become an open relay).

Now I have understood pretty much everything. I've tried the new config and it works pretty well!

>> Please note that I use check_client_access restriction together with:
>>
>> mynetworks = /etc/postfix/relay
>>
>> to limit access to SMTP relay server per IP.
>
> I don't understand this part. I see no permit_mynetworks in the snippet you posted.

In fact, I didn't report it.. I just forgot! :-(

smtpd_recipient_restrictions =
    check_client_access proxy:mysql:/etc/postfix/mysql-check-client-access.cf
    permit_mynetworks
    reject

This should be ok!

> [snip]
>> This configuration doesn't work. What is conceptually wrong in my config?
>>
>> Finally I would like to deny message delivery to my mail server.. It should suffice to unset relay_domains or it is too restrictive doing so?
>
> to disable local delivery, check the FIREWALL README.

:-)

> In addition, if you don't have relay domains, then set
>
> relay_domains =

Indeed, I don't want to do so for delivery efficiency reasons! In fact, if I set:

relay_domains =

every message destined to my domain goes to another mail server of mine that accepts email for that domain, and then is delivered to the post office. Whereas right now the email for one of my domains is delivered quickly to the post office specified as transport for that domain.

Maybe the best solution is to deny incoming connections (from outside of my network) on port 25..

thanks,

rocsca
Re: SMTP relay only
Victor,

>>> Finally I would like to deny message delivery to my mail server.. It should suffice to unset relay_domains or it is too restrictive doing so?
>>
>> to disable local delivery, check the FIREWALL README.
>
> I think this means:
>
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

I have just finished explaining better what I would like to implement in another post.. The link above doesn't seem to be useful for my purpose..

Thanks as well,

rocsca