On 1/18/2012 12:10 PM, Jon August wrote: > On Jan 18, 2012, at 11:59 AM, Brian Evans - Postfix List wrote: > >> On 1/18/2012 11:41 AM, Reindl Harald wrote: >>> Am 18.01.2012 17:36, schrieb Jon August: >>>> Hi, >>>> >>>> We have a postfix machine setup as described here: >>>> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-11.10 >>>> >>>> and we would like to use a third party to do our spam filtering. So, we'd >>>> like to continue using the machine for authenticated outbound mail, but we >>>> want to limit the inbound mail to the third party mail server. How do we >>>> configure postfix to do this? >>>> >>>> Outbound: >>>> -------------- >>>> ANY IP (authenticated) -> Postfix -> The World! (OK) >>>> >>>> Inbound: >>>> ------------ >>>> A.B.C.D -> Postfix (OK) >>>> Anything else -> Postfix (DENIED) >>>> >>>> Thank you for your help. >>> * add the ip to "mynetworks" >>> * add >>> "smtpd_sasl_auth_enable=yes,permit_sasl_authenticated,permit_mynetworks,reject" >>> in master.cf >>> >> I don't think that "master.cf" line is valid. >> >> Wouldn't this be better? >> >> In main.cf: >> mynetworks = 127.0.0.1, A.B.C.D >> smtpd_sasl_auth_enable=yes >> smtpd_recipient_restrictions = permit_sasl_authenticated, >> permit_mynetworks, reject >> >> Brian > Brian, > > I currently have this in main.cf: > > smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, > reject_unauth_destination > > and it allows all inbound mail from anywhere. Is the difference between > "reject" and "reject_unauth_destination" that "reject" rejects everything and > "reject_unauth_destination" only rejects mail for addresses we don't handle? Yes. If changed to reject, only clients who authenticate or are part of mynetworks will be allowed to send mail.
Brian
