On Thu, 2010-06-24 at 12:47:50 +1000, Hal Douglas wrote: > Domain2.edu smtp:[10.2.3.5] > > Domain2 has recently been signed up for a cloud spam scanning service, > so our postfix host is no longer MX for this domain, the spam scanning > service is MX and forwards mail to out postfix host. The problem I've > encountered is that spammers don't seem to use the updated MX records, > they still use the postfix host as if it were MX. So, what I assume I > need to do here is tell postfix that for Domain2 only relay mail from > the cloud spam scanning service and our networks.
My understanding is that you want to refuse mail for domain2 recipients *unless* it originates from your network or the cloud. > How can I do this with postfix? I've searched around these lists and the > web in general, the best explanation I can find is this: You could use restriction classes but that is unnecessary. Assuming the cloud only sends mail to you for domain2, whitelist the cloud's IP *after* reject_unauth_destination but *before*, in the same restriction list, rejecting all mail addressed to domain2. http://www.postfix.org/postconf.5.html#check_client_access http://www.postfix.org/postconf.5.html#check_recipient_access http://www.postfix.org/access.5.html -- Sahil Tandon <sa...@freebsd.org>
