The original message from the company said 'It's a block of 8 Class C
networks'. I (just) read things wrong. And said (to myself), 'self',
that's 8 ip's, right, right! (Dumb!!) Thanks to all.
Keith
On 11/2/2011 11:00 AM, /dev/rob0 wrote:
On Wednesday 02 November 2011 10:43:35 Keith Steensma wrote:
It's been a long time since I have participated in this list (goes
to show how good Postfiix is when it can run for years with so few
problems). Our company has decided to start using an outside SPAM
filtering service. Overall, this is doing a very good job. But we
are getting SPAM directly into out system and I need to block all
outside SMTP connections except the connections from a group of 8
IP address'.
CIDR notation: 199.89.0.0/21
Netmask notation: 199.89.0.0 with a netmask of 255.255.248.0
Address range: 199.89.0.0 through 199.89.7.255
That is of course much more than 8 addresses, that is 8 * 256. But no
matter.
I tried (from "Getting selective with SMTP access restriction
lists" web page)
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 199.89.0.0/21
But that only solved half the problem. Mail is still getting in
from from IP's (like from 203.200.235.214 by 125.160.50.143)
Can anyone offer a suggestion how to fix this problem the right
way?
main.cf :
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination
check_client_access cidr:/path/to/filter_hosts, reject
/path/to/filter_hosts :
199.89.0.0/21 permit_auth_destination
0.0.0.0/0 REJECT Please use the MX host
Being a bit slow on the draw this morning I see that Charles has
suggested fundamentally the same thing, just done differently.
