On 9/1/2008 12:15 PM, Erik Paulsen Skaalerud wrote: > I have a postfix-pop3/imap4 server at our office who gets incoming > smtp mail from either 2 fixed IP adresses (antispam-company), from my > local network or from clients authenticated via SASL. > Is it possible to restrict smtp access so that unknown smtp clients > gets refused? I only want the hosts/networks mentioned above to be > able to use the smtpd!
Just use the following in smtpd_recipient_restrictions: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_client_access cidr:/etc/postfix/allowed_clients.cidr, where allowed_clients.cidr contains the netblocks of your outsourced anti-spam service (we use webroot): ******************* allowed_clients.cidr **************** # webroot netblocks ###.##.###.0/28 dunno ###.###.##.0/26 dunno ###.###.###.0/23 dunno # reject all clients not matching anything above, and be sure # there is no final reject under recipient_restrictions # 0.0.0.0/0 reject unauthorized client, please use our MX ******************* allowed_clients.cidr **************** We use additional checks to provide custom rejects for x-employees, and for blocking specific senders (rarely use it, but the boss has asked me to do it occasionally), so use 'dunno' in the webroot netblocks above. If you don't need any additional checks, you could use OK instead of dunno. -- Best regards, Charles
