On 04/06/2011 04:06, Jeroen Geilman wrote:
> On 06/04/2011 02:50 AM, Kendrick wrote:
>> I am trying to make it so that postfix takes specific actions when
>> spam "from" my domain externally arrives.
>> smtpd_recipient_restrictions / reject_unknown_... looked promising
>> but I don't see how to work it with the information given.
>>
>> When a new message arrives with [from: somt...@mydomain.com]
>> [to:somt...@mydomain.com] and sender ip address does not = $mynetworks
>> I want to send connecting pc's ip to external scripts if possible and
>> at the least reject the message.
>>
>> reverse dns lookup from my internal dns server would work as well.
>> eventually I may be interested in having tls or something authenticate
>> external users to send from mydomain but that is not a big concern
>> right now. If need be vpn will solve that need.
>>
>> any suggestions are appreciated. If I missed a how-to or something I
>> appreciate the links. I don't always figure the best key words to find
>> these things.
>
> In main.cf:
>
> smtpd_recipient_restrictions = permit_mynetworks,
>     check_sender_access hash:/etc/postfix/my_own_domains,
>     reject_unauth_destination
>

Using check_*_access before reject_unauth_destination is discouraged. It
may (accidentally) lead to an open relay should "someone" add an entry that
returns OK. Better use:

smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    check_sender_access hash:/etc/postfix/access_sender

== access_sender:
techsoft3d.com      REJECT
.techsoft3d.com     REJECT

Note to OP: this rejects mail with a sender in your domain unless it comes
from mynetworks or is authenticated (SASL). A better setup is to separate
the inbound mail service (MX) and the submission service (MSA), for example
by using port 587 for submission. Then you wouldn't need to create an
exception ("reject unless").

> and in my_own_domains:
>
> techsoft3d.com REJECT
>
> etc.
>
> Or one of the other possible actions; there are quite a few, read the
> man page for details:
>
> http://www.postfix.org/access.5.html
>

He could start with
http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.postfix.org/RESTRICTION_CLASS_README.html
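
Added example, not part of the thread or of Postfix: a simplified Python model of how smtpd_recipient_restrictions is walked in order, run against both orderings discussed above to show why the position of check_sender_access matters. The `partner.example` OK entry, the sample messages, and treating techsoft3d.com as the only local domain are constructed assumptions, and the lookup is a simplification of access(5).

```python
# Simplified model of smtpd_recipient_restrictions evaluation (not Postfix code).
# The first restriction that returns OK or REJECT decides; DUNNO falls through.
LOCAL_DOMAINS = {"techsoft3d.com"}  # assumption: the only domain we accept mail for

def lookup(table, sender):
    """Simplified access(5) lookup: full address, domain, then .parent domains."""
    domain = sender.rsplit("@", 1)[-1].lower()
    labels = domain.split(".")
    keys = [sender.lower(), domain]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return next((table[k] for k in keys if k in table), "DUNNO")

def evaluate(restrictions, table, msg):
    for name in restrictions:
        if name == "permit_mynetworks":
            result = "OK" if msg["in_mynetworks"] else "DUNNO"
        elif name == "permit_sasl_authenticated":
            result = "OK" if msg["sasl"] else "DUNNO"
        elif name == "reject_unauth_destination":
            result = "DUNNO" if msg["rcpt_domain"] in LOCAL_DOMAINS else "REJECT"
        elif name == "check_sender_access":
            result = lookup(table, msg["sender"])
        else:
            raise ValueError(f"restriction not modelled: {name}")
        if result in ("OK", "REJECT"):
            return result
    return "OK"  # end of list reached: Postfix permits

# Orders from the thread.
ORDER_QUOTED = ["permit_mynetworks", "check_sender_access", "reject_unauth_destination"]
ORDER_REPLY = ["permit_sasl_authenticated", "permit_mynetworks",
               "reject_unauth_destination", "check_sender_access"]

# Table from the thread plus one constructed entry that returns OK.
TABLE = {"techsoft3d.com": "REJECT", ".techsoft3d.com": "REJECT",
         "partner.example": "OK"}

# Constructed messages, both from an unauthenticated client outside mynetworks.
FORGED_LOCAL = {"in_mynetworks": False, "sasl": False,
                "sender": "user@techsoft3d.com", "rcpt_domain": "techsoft3d.com"}
THIRD_PARTY = {"in_mynetworks": False, "sasl": False,
               "sender": "user@partner.example", "rcpt_domain": "elsewhere.example"}

if __name__ == "__main__":
    for label, order in (("quoted", ORDER_QUOTED), ("reply", ORDER_REPLY)):
        print(label, evaluate(order, TABLE, FORGED_LOCAL),
              evaluate(order, TABLE, THIRD_PARTY))
```

Both orders reject the forged local sender; only the quoted order accepts the message to a non-local recipient once a table entry returns OK, because the lookup is reached before reject_unauth_destination.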