I suppose your answers are true, I think more in securing a business network, less than an ISP style arrangement..

Try

    smtpd_client_restrictions = permit_mynetworks, reject

(things relating to the connection..)
http://www.postfix.org/postconf.5.html#smtpd_client_restrictions

    reject
        Reject the request. This restriction is useful at the end of a
        restriction list, to make the default policy explicit. The
        reject_code configuration parameter specifies the response code
        for rejected requests (default: 554).

And possibly remove the permit_mynetworks from smtpd_recipient_restrictions, since the man pages suggest recipient restrictions are in reply to RCPT TO commands..
http://www.postfix.org/postconf.5.html#smtpd_recipient_restrictions

Nick

> -----Original Message-----
> From: Andrew Long [mailto:furs...@gmail.com]
> Sent: Wednesday, July 29, 2009 10:50 PM
> To: Nick Sharp
> Subject: Re: proper ordering of reject
>
> > My_networks should really be considered trusted sources.. you are saying
> > permit_mynetworks (which includes your relay-IP list) so if you think there is
> > some potential they might send something dodgy, they shouldn't be in
> > my_networks..
>
> I presume that's not really realistic. An ISP allows mail from their
> block knowing full well that a host may be infected or a user may be a
> spammer; they allow and then take steps to mitigate.
>
> > I am presuming since they are getting caught by RBLs you don't
> > want to relay for them - sure-fire way of getting your server listed..
>
> We have to relay for them. It's a contract.
>
> > What are your hotspots comprising of? Public PCs (whose subnets?)? I.e.
> > wireless hotspots? Let them send email via their own smtp servers, if they don't
> > have one, then they can use webmail..
>
> Not an option. Clients at semi-public wireless hotspots that we must
> relay for, however much I dislike it.
>
> > it doesn't become your problem then. If
> > it's a server at the hotspot you want to allow, then the original suggestion
> > will fix it presuming the remote smtp server @ the hotspot is a local only
> > config (doesn't relay for hotspot clients)
>
> There is no other server. Wireless clients receive the address of our
> smtp server in a radius profile.
>
> Back to my original question, how can I allow the connections from
> mynetworks and relay-ip ONLY, and then continue with further checks on
> those who are allowed?
>
> Thanks.
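Added example, not part of the thread and not Postfix code: a simplified Python model of how Postfix walks its restriction lists, showing why the position of permit_mynetworks decides whether a trusted client still reaches an RBL check. The addresses, the RBL_LISTED set and the recipient-list orderings are constructed assumptions; only the client list comes from the reply above.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the thread).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
RBL_LISTED = {"192.0.2.66"}  # stand-in for a DNSBL lookup result


def check(restriction, client_ip):
    """Return 'OK', 'REJECT' or 'DUNNO' for one modelled restriction."""
    ip = ipaddress.ip_address(client_ip)
    if restriction == "permit_mynetworks":
        return "OK" if any(ip in net for net in MYNETWORKS) else "DUNNO"
    if restriction == "reject_rbl_client":
        # The real restriction takes a DNSBL domain argument; omitted in this model.
        return "REJECT" if client_ip in RBL_LISTED else "DUNNO"
    if restriction == "reject":
        return "REJECT"
    raise ValueError(f"restriction not modelled: {restriction}")


def evaluate(config, client_ip):
    """OK ends only the current list; REJECT ends the whole evaluation."""
    for list_name in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
        for restriction in config.get(list_name, []):
            result = check(restriction, client_ip)
            if result == "REJECT":
                return f"REJECT by {restriction} in {list_name}"
            if result == "OK":
                break  # continue with the next list, not with final acceptance
    return "PERMIT"


# Client list as suggested in the reply: only mynetworks may connect at all.
CLIENT_LIST = ["permit_mynetworks", "reject"]

# Hypothetical recipient lists: RBL check after vs. before permit_mynetworks.
RBL_BYPASSED = {
    "smtpd_client_restrictions": CLIENT_LIST,
    "smtpd_recipient_restrictions": ["permit_mynetworks", "reject_rbl_client", "reject"],
}
RBL_ENFORCED = {
    "smtpd_client_restrictions": CLIENT_LIST,
    "smtpd_recipient_restrictions": ["reject_rbl_client", "permit_mynetworks", "reject"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "203.0.113.5"):
        print(ip, "|", evaluate(RBL_BYPASSED, ip), "|", evaluate(RBL_ENFORCED, ip))
```
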