On Jan 5, 2010, at 9:57 AM, Wietse Venema wrote:

> Eric Williams:
>> On Tue, Jan 5, 2010 at 9:12 AM, Stan Hoeppner <s...@hardwarefreak.com> wrote:
>>
>>> Eric Williams put forth on 1/5/2010 8:02 AM:
>>>
>>>> I would like to apply the same access list so that users sending mail
>>>> through this server can only reach those same domains.
>>>>
>>>> I've tried lots of recipient checking configs but nothing works so far.
>>>> I'd rather not do this with the firewall, keeping the whitelist monitored by
>>>> postfix only.
>>>
>>> So you want a dedicated smtp relay server that will only transfer mail
>>> between a handful of domains?
>
> You could use a tool such as Fail2Ban to watch the maillog file
> and update a Postfix access table.
>
> The steps would be
>
> 1) See if the domain is already in the Postfix access table.
> 2) Add the domain.
> 3) Rebuild the table.
>
> Example add-domain script:
>
> #!/bin/sh
>
> # usage: add-domain name
>
> case $# in
> 1) postmap -q "$1" the-postfix-access-table >/dev/null || {
>        echo "$1" OK >>the-postfix-access-table
>        postmap the-postfix-access-table
>    };;
> *) echo Usage: $0 domainame 1>&2; exit 1;;
> esac
>
> If you handle lots of mail you will want to read and update the
> database files without running postmap commands for each email
> logfile record.
>
> Wietse

This is great info. I'll look into applying that in some form.

I think what I'm still missing is the proper restriction in the smtpd_recipient_restrictions section to restrict the outgoing mail. check_sender_access hash:/etc/postfix/access works for incoming blocking. I haven't found the right config for the blocking. If it is implied in your response, I apologize for my inexperience with this.

Thanks.

EW
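
Wietse's closing remark, that a busy server should not run postmap for each logfile record, as an added example that is not part of the original thread: a batch variant of his add-domain script that reads candidate domains one per line on stdin, checks them against the table's text source, and rebuilds the map once per batch. The function name add_domains and the POSTMAP override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: batch form of the add-domain script.
# usage: add_domains table-file   (candidate domains on stdin, one per line)
# Prints the number of domains that were appended to the table.

# Assumption: POSTMAP can be overridden, e.g. to stub postmap out in a test.
POSTMAP=${POSTMAP:-postmap}

add_domains() {
    table=$1
    [ -f "$table" ] || : >"$table"
    new=$(mktemp) || return 1

    # 1) Normalise the input: lower-case, drop CRs, and keep only lines that
    #    are a bare domain name. Anything containing spaces or an action such
    #    as "REJECT" is discarded, so log-derived input cannot inject a
    #    different table entry.
    # 2) De-duplicate the batch.
    # 3) Compare against the text source of the table instead of calling
    #    "postmap -q" once per name.
    tr 'A-Z' 'a-z' | tr -d '\r' |
    grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$' |
    sort -u |
    awk '
        # First operand is the existing table: remember every key in it.
        FILENAME == ARGV[1] {
            if (NF && $1 !~ /^#/) have[tolower($1)] = 1
            next
        }
        # Remaining input is the batch: emit only names not yet present.
        !($1 in have) { print $1 " OK" }
    ' "$table" - >"$new"

    added=$(wc -l <"$new" | tr -d ' ')

    # Append and rebuild only when something changed: one postmap per batch.
    if [ "$added" -gt 0 ]; then
        cat "$new" >>"$table" && $POSTMAP "$table" || { rm -f "$new"; return 1; }
    fi

    rm -f "$new"
    echo "$added"
}
```
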