it's working i've been always a reader of this list. before i pose a
question, i understand, i've to be well grounded on postfix ; these
ingenuities r not comparable; great!
to begin with i've started with 'the book of postfix'
thanks everybody
On Mon, Jun 22, 2009 at 1:25 AM, Ville Walveranta <walvera...@gmail.com>wrote:
> Or, if you want to have one "regular" interface and one "restricted"
> (to receive email only from the primary relay), you could use the
> following:
>
>
> In master.cf:
>
> #standard port 25
> smtp inet n - n - - smtpd
>
> #restricted interface to receive email only from specified hosts
> 192.168.1.100:25 inet n - n - - smtpd
> -o
> smtpd_client_restrictions=${smtpd_client_restrictions_limited-interface}
> -o
> smtpd_recipient_restrictions=${smtpd_recipient_restrictions_limited-interface}
>
>
> In main.cf:
>
> smtpd_client_restrictions_limited-interface =
> permit_mynetworks
> permit_sasl_authenticated
> check_client_access
> hash:$config_directory/tables/smtpd_client_access_limited-interface
> reject
>
> smtpd_recipient_restrictions_limited-interface =
> reject_non_fqdn_recipient
> reject_unknown_recipient_domain
> check_recipient_access
> pcre:$config_directory/tables/smtpd_recipient_access_limited-interface.pcre
> #optional
> permit_mynetworks
> permit_sasl_authenticated
> reject_non_fqdn_hostname
> reject_invalid_hostname
> reject_unlisted_recipient
> reject_unauth_destination
>
>
> In tables/smtpd_client_access_limited-interface (which must be
> postmap'ed to ".db" format):
>
> #allow primary MX relay servers on the limited interface;
> 10.10.10.10 OK
> 10.10.10.11 OK
> 10.10.10.12 OK
> 10.10.10.13 OK
> 10.10.10.14 OK
>
>
> In tables/smtpd_recipient_access_limited-interface.pcre
>
> # Limited interface: accept only mail for domains that are relayed
> through the primary MX;
> # (this file is not really necessary since the interface is limited to
> receive mail only
> # from known relay servers, but I include it as an example; it could
> be useful if you
> # didn't know the relay server IPs but wanted to restrict reception of
> email on
> # particular interface to specific domains only)
> /@(domainone\.com|
> domaintwo\.com|
> domainthree\.com|
> fomainfour\.info|
> domainfive\.net|
> domainsix\.org)$/x OK
>
> # reject everything that is not on the above list;
> # rejection must be included or else everything is allowed!
> /^/ REJECT
>
> ---
>
> You could, of course, extrapolate a configuration from the above that
> would not have an open interface at all and so all mail reception
> would then be limited to the primary MX relay servers.
>
> This was discussed more extensively on the list in last November.
> Check out the archives here ->
> http://marc.info/?t=122613480800001&r=1&w=2
>
> Ville
>
