On 2010-05-05 ram wrote: > On Tue, 2010-05-04 at 12:29 +0300, Appliantologist wrote: >> I still need to accept mail for the email addresses we host on our >> machine from the net, so blocking port 25 or mynetworks as local host >> would seem to prevent that. we still have users on the domain that >> get mail to the address, except now we forward that mail to gmail >> using the virtual table [...] > 1) Add > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > permit
The default is "permit_mynetworks, reject_unauth_destination", which should be sufficient for his scenario. > 2) create a relaydomains file > http://www.postfix.org/postconf.5.html#relay_domains > > 3) And ask the legitimate senders to use sasl auth What for? AFAICS he's not relaying for any other domain, but only forwarding particular (local/virtual) addresses to gmail mailboxes. And we still don't know how the supposed spams are entering Postfix in the first place. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
