Eric Williams:
> On Tue, Jan 5, 2010 at 9:12 AM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
>
> > Eric Williams put forth on 1/5/2010 8:02 AM:
> >
> > > I would like to apply the same access list so that users sending mail
> > > through this server can only reach those same domains.
> > >
> > > I've tried lots of recipient checking configs but nothing works so far.
> > > I'd rather not do this with the firewall, keeping the whitelist monitored by
> > > postfix only.
> >
> > So you want a dedicated smtp relay server that will only transfer mail
> > between a handful of domains?

You could use a tool such as Fail2Ban to watch the maillog file and
update a Postfix access table. The steps would be

1) See if the domain is already in the Postfix access table.
2) Add the domain.
3) Rebuild the table.

Example add-domain script:

    #!/bin/sh

    # usage: add-domain name

    case $# in
    1) postmap -q "$1" the-postfix-access-table >/dev/null || {
           echo "$1" OK >>the-postfix-access-table
           postmap the-postfix-access-table
       };;
    *) echo Usage: $0 domainame 1>&2; exit 1;;
    esac

If you handle lots of mail you will want to read and update the
database files without running postmap commands for each email
logfile record.

        Wietse
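
One way to avoid a postmap run per logfile record is to batch the updates; the script below is an added example, not part of the original post. It assumes the candidate domains have already been extracted from the maillog, one per line on stdin, and that the table is the text source of an indexed access table; the function names and the POSTMAP override variable are hypothetical.

```shell
#!/bin/sh
# Added example: batch variant of add-domain (names are hypothetical).
# usage: add-domains-batch table-file < domains   (one domain per line)
# POSTMAP may be overridden, e.g. POSTMAP=true for a dry run.

# Print candidates that are well-formed and not yet keys in the table.
new_domains() {
    table=$1
    tr 'A-Z' 'a-z' |
    awk -v table="$table" '
        BEGIN {
            # Load existing keys; skip comments, blanks, continuation lines.
            while ((getline line < table) > 0) {
                if (line ~ /^[ \t]/ || line ~ /^#/ || line ~ /^$/) continue
                split(line, f, /[ \t]+/)
                seen[tolower(f[1])] = 1
            }
        }
        # Log-derived input is untrusted: accept hostname syntax only.
        /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/ {
            if (!($0 in seen)) { seen[$0] = 1; print }
        }'
}

# Append all new domains, then rebuild the indexed file once.
add_domains_batch() {
    table=$1
    tmp=$(mktemp) || return 1
    new_domains "$table" >"$tmp"
    rc=0
    if [ -s "$tmp" ]; then
        sed 's/$/ OK/' "$tmp" >>"$table"
        ${POSTMAP:-postmap} "$table" || rc=$?   # one rebuild per batch
    fi
    rm -f "$tmp"
    return $rc
}

if [ $# -eq 1 ]; then
    add_domains_batch "$1"
fi
```

The duplicate check here reads the text source rather than querying the indexed file, so the text file must remain the only place the table is edited.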