Sahil, Thankyou for this, it did indeed do the trick, I've documented it on the WWW in case anyone else has a similar need:
http://sysadministrivia.blogspot.com/2010/06/stopping-spammers-using-old -mx-records.html I couldn't find the answer using Google, so hopefully someone else will be able to now. Cheers. -----Original Message----- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Sahil Tandon Sent: Thursday, 24 June 2010 1:06 PM To: postfix-users@postfix.org Subject: Re: Stop spammers using outdated MX records. On Thu, 2010-06-24 at 12:47:50 +1000, Hal Douglas wrote: > Domain2.edu smtp:[10.2.3.5] > > Domain2 has recently been signed up for a cloud spam scanning service, > so our postfix host is no longer MX for this domain, the spam scanning > service is MX and forwards mail to out postfix host. The problem I've > encountered is that spammers don't seem to use the updated MX records, > they still use the postfix host as if it were MX. So, what I assume I > need to do here is tell postfix that for Domain2 only relay mail from > the cloud spam scanning service and our networks. My understanding is that you want to refuse mail for domain2 recipients *unless* it originates from your network or the cloud. > How can I do this with postfix? I've searched around these lists and > the web in general, the best explanation I can find is this: You could use restriction classes but that is unnecessary. Assuming the cloud only sends mail to you for domain2, whitelist the cloud's IP *after* reject_unauth_destination but *before*, in the same restriction list, rejecting all mail addressed to domain2. http://www.postfix.org/postconf.5.html#check_client_access http://www.postfix.org/postconf.5.html#check_recipient_access http://www.postfix.org/access.5.html -- Sahil Tandon <sa...@freebsd.org>
