Vernon A. Fort wrote:
I have a setup which we use an external mail filtering service and need
to limit/restrict external client access. Meaning the MX for the domain
points to the filtering service and they relay checked email. I need to
limit access to just these network blocks but also allow sasl
authenticated as well as the internal network.
I also do not want to blindly trust this service so i would like to
check the IP address as well as ensuring the recipient is for my domain.
can someone point me to an example or man page. I cannot seem to find
anything related to limiting inbound smtp clients/servers.
Vernon
Minimal config:
# main.cf
# do not include filter service IPs in mynetworks
mynetworks = 127.0.0.0/8 ...
smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
check_client_access cidr:/etc/postfix/filter_service
reject
# filter_service
192.1.0.0/24 OK
... other cidr ranges filter service uses ...
-- Noel Jones
