On Tue, Feb 23, 2010 at 08:23:11PM -0600, Noel Jones wrote:
> On 2/23/2010 7:35 PM, Ruben Safir wrote:
> >On Wed, Feb 24, 2010 at 01:41:00AM +0100, Steve wrote:
> >>
> >>-------- Original Message --------
> >>>Date: Tue, 23 Feb 2010 19:32:25 -0500
> >>>From: Ruben Safir<ru...@mrbrklyn.com>
> >>>To: postfix-users@postfix.org
> >>>Subject: restricting acceptance of mail users except from local network
> >>
> >>>How do I get postfix to reject mails "From" my own domains coming from
> >>>outside the local network?
> >>>
> >>If all your users are authenticating when sending mails you could use
> >>something like "reject_sender_login_mismatch" to reject those senders (from
> >>inside or outside) that use your domains but have not authenticated.
> >>
> >
> >smtpd_recipient_restrictions =
> >permit_mynetworks,reject_unauth_destination, reject_rbl_client
> >zen.spamhaus.org
> >
> >Will that do it?
> >
> >Ruben
> >
>
> While spamhaus is likely to block the majority of spam aimed at your
> server, it won't specifically reject mail claiming to be from your
> domain that isn't.
>

I didn't think it would.  Different issue.  I want the mail to flatly
deny any mail from any of my domains unless it arrives from my local
network on eth1, which is a 10.0.0.0 block with hostnames given by my
dhcpd server, or from the mailserver itself.  I want it to flatly reject
mail claiming to be from my domains from anywhere else.

> If spamhaus doesn't block "enough" of the spam, you can tell postfix
> to reject mail claiming to be from unknown local sender addresses.
> Set in main.cf:
> smtpd_reject_unlisted_sender = yes
>
> or you can add a check_sender_access map to specifically reject your
> domain when mail isn't local.
>

If it is not from my local network, it is not legitimate mail if it is
using my domain.  I can not service or receive mail addressed From
mrbrklyn.com that isn't coming from my local network.  It is 100% of the
time always wrong.  I know that panix allows me to send mail from my
local network to the panix mail servers for later relay, using
authentication, or maybe pop.  I don't want this functionality.  If it
is not coming from our servers or hosts, it's not us and I want to
summarily reject such mail.

> # WARNING this is likely to reject "some" legit mail
> # main.cf
> smtpd_recipient_restrictions =
>   permit_mynetworks
>   reject_unauth_destination
>   check_sender_access hash:/etc/postfix/sender_access
>   reject_rbl_client zen.spamhaus.org
>
> # /etc/postfix/sender_access
> example.com   REJECT only for internal use
>
> to activate these changes you'll need to run
> # postmap sender_access
> # postfix reload
>
> -- Noel Jones

--
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software

"The tremendous problem we face is that we are becoming sharecroppers to
our own cultural heritage -- we need the ability to participate in our
own society."

© Copyright for the Digital Millennium
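
The restriction list quoted in the message above is evaluated in order and stops at the first decisive result, which is why `permit_mynetworks` must come before the `check_sender_access` map. The following simplified Python model of that ordering is an added illustration, not code from the thread or from Postfix. Assumptions: the /8 prefix length, the `example.com` placeholder as the only local domain, the constructed sessions, and the omission of the RBL lookup; `check_sender_access` is keyed on the envelope sender (MAIL FROM).

```python
import ipaddress

# Constructed values: the thread's 10.0.0.0 block (prefix length assumed), loopback
# for the mail server itself, and the placeholder domain from the quoted map.
MYNETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.com"}  # domains this server accepts mail for
SENDER_ACCESS = {"example.com": "REJECT only for internal use"}

def permit_mynetworks(client_ip, sender, rcpt):
    ip = ipaddress.ip_address(client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(client_ip, sender, rcpt):
    local = rcpt.rpartition("@")[2].lower() in LOCAL_DOMAINS
    return "DUNNO" if local else "REJECT relay access denied"

def check_sender_access(client_ip, sender, rcpt):
    # Lookup on the envelope sender: full address first, then its domain.
    sender = sender.lower()
    for key in (sender, sender.rpartition("@")[2]):
        if key in SENDER_ACCESS:
            return SENDER_ACCESS[key]
    return "DUNNO"

# Same order as the quoted main.cf (reject_rbl_client left out: it needs DNS).
RESTRICTIONS = [permit_mynetworks, reject_unauth_destination, check_sender_access]

def evaluate(client_ip, sender, rcpt):
    """Return (rule name, result) for the first rule that does not say DUNNO."""
    for rule in RESTRICTIONS:
        result = rule(client_ip, sender, rcpt)
        if result != "DUNNO":
            return rule.__name__, result
    return "end_of_list", "PERMIT"

if __name__ == "__main__":
    sessions = [  # constructed (client IP, MAIL FROM, RCPT TO) triples
        ("10.0.0.25", "alice@example.com", "bob@elsewhere.test"),   # LAN host
        ("203.0.113.9", "alice@example.com", "bob@example.com"),    # outside, claims our domain
        ("203.0.113.9", "carol@elsewhere.test", "bob@example.com"), # ordinary inbound mail
        # Outside forwarder or list that keeps the original envelope sender:
        # rejected too, the "some legit mail" case from the quoted warning.
        ("198.51.100.7", "alice@example.com", "bob@example.com"),
    ]
    for s in sessions:
        print(s, "->", evaluate(*s))
```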