Looking at smtpd_sender_restrictions led me to the ACCESS(5) manpage,
which in turn led me (back) to REGEXP_TABLE(5).

Do I retain the advantages you described if I use regexp or pcre (I
see postfix-pcre is a package in the distro we're using) instead of
'smtpd_sender_restrictions = hash:/etc/postfix/access,
reject_unknown_sender_domain' in /etc/postfix/main.cf?

Thanks,
CMP

On 7/23/06, Aaron S. Joyner <[EMAIL PROTECTED]> wrote:
Cristobal Palmer wrote:

> I have a site, bar.com, that will be receiving mail from clients such
> as foo and baz who have their own domains, foo.com and baz.com.
>
> I want to set things up such that mail to [EMAIL PROTECTED] only gets
> through if it came from [EMAIL PROTECTED], likewise mail to [EMAIL PROTECTED]
> should be dropped if it didn't come from [EMAIL PROTECTED]
>
> What's the _best_ way to do this if I'm using postfix? Something
> directly in postfix? Procmail?
>
> TIA,
> CMP
>
Check out smtpd_sender_restrictions, you'll probably want to add a
check_sender_access table like this:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/incoming-domains

which points to a file with entries like these:
foo.com      ok
baz.com      ok

You'll also need to makemap hash /etc/postfix/incoming-domains to create
/etc/postfix/incoming-domains.db for the above example to be acceptably
fast (I think it'll work if you don't, just at a great performance peril).

More details can be found in the postfix documentation, here:
http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions

You'll probably want to do some other smtpd_sender_restrictions, and if
you've already got several of them, add the one above in the style of the
others.  Rejecting based on the MX might not be a bad idea either, as
it'll cut down on spoofing at the expense of a DNS lookup for every
connection.  Whether you can afford to do that depends on how likely someone
is to spoof mail to you maliciously, and what volumes of mail you're
talking about.

Please post back if you have further questions,
Aaron S. Joyner
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/



--
Cristobal M. Palmer
UNC-CH SILS Student
TriLUG Vice Chair
[EMAIL PROTECTED]
[EMAIL PROTECTED]
ils.unc.edu/~cmpalmer
"Television-free since 2003"

<tarheelcoxn> iank has trouble with English. his native language is Python
<iank> Yeah
<iank>   I'm forced
<iank>     To indent
<iank>   My sentences
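
Added example, not written by either poster: the sender table from the quoted reply expressed as a pcre: table, to show what changes when an indexed hash: lookup is replaced by pattern matching. The file name incoming-domains.pcre is an assumption, and PCRE support (the postfix-pcre package mentioned above) must be installed.

```conf
# /etc/postfix/main.cf
# Form from the thread (indexed table; its .db is rebuilt after each edit):
#smtpd_sender_restrictions =
#    check_sender_access hash:/etc/postfix/incoming-domains,
#    reject_unknown_sender_domain
#
# PCRE form (plain text file, no .db to rebuild).
# The table file name is an assumption made for this example.
smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/incoming-domains.pcre,
    reject_unknown_sender_domain

# /etc/postfix/incoming-domains.pcre
# Each pattern is tried, top to bottom, against the whole sender
# address, and the first match wins. Unlike hash:, there is no
# automatic domain or parent-domain lookup, so the domain match has
# to be spelled out. Matching is case-insensitive by default.
#
# "[@.]" and "$" anchor the domain part:
#   user@foo.com, user@mx.foo.com          -> match
#   user@notfoo.com, user@foo.com.example  -> no match
/[@.]foo\.com$/    OK
/[@.]baz\.com$/    OK
#
# Too loose: an unanchored pattern such as /foo\.com/ would also match
# user@foo.com.example, which is not one of the listed domains.
```

Running postmap -q with a constructed address such as user@foo.com against pcre:/etc/postfix/incoming-domains.pcre prints the table's result for that address without sending any mail.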