On Jan 18, 2012, at 12:17 PM, Reindl Harald wrote: > > > Am 18.01.2012 18:14, schrieb Brian Evans - Postfix List: >> On 1/18/2012 12:05 PM, Reindl Harald wrote: >>> >>> Am 18.01.2012 17:59, schrieb Brian Evans - Postfix List: >>>> On 1/18/2012 11:41 AM, Reindl Harald wrote: >>>>> Am 18.01.2012 17:36, schrieb Jon August: >>>>>> Hi, >>>>>> >>>>>> We have a postfix machine setup as described here: >>>>>> http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-11.10 >>>>>> >>>>>> and we would like to use a third party to do our spam filtering. So, >>>>>> we'd like to continue using the machine for authenticated outbound mail, >>>>>> but we want to limit the inbound mail to the third party mail server. >>>>>> How do we configure postfix to do this? >>>>>> >>>>>> Outbound: >>>>>> -------------- >>>>>> ANY IP (authenticated) -> Postfix -> The World! (OK) >>>>>> >>>>>> Inbound: >>>>>> ------------ >>>>>> A.B.C.D -> Postfix (OK) >>>>>> Anything else -> Postfix (DENIED) >>>>>> >>>>>> Thank you for your help. >>>>> * add the ip to "mynetworks" >>>>> * add >>>>> "smtpd_sasl_auth_enable=yes,permit_sasl_authenticated,permit_mynetworks,reject" >>>>> in master.cf >>>>> >>>> I don't think that "master.cf" line is valid. >>>> >>>> Wouldn't this be better? >>>> >>>> In main.cf: >>>> mynetworks = 127.0.0.1, A.B.C.D >>>> smtpd_sasl_auth_enable=yes >>>> smtpd_recipient_restrictions = permit_sasl_authenticated, >>>> permit_mynetworks, reject >>> surely it is valid >>> >>> look at my 3 lines >>> submission = port 587, restricted to authenticated users only >>> you want the same for "smtp" (port 25) AND add the ip to "mynetworks" >>> >>> and even "mynetworks" is valid in "master.cf" >>> smtpd -o mynetworks=ip.addr.you.want.whitelisted -o >>> smtpd_client_restrictions=...... >> >> That was not what was written above >>> * add >>> "smtpd_sasl_auth_enable=yes,permit_sasl_authenticated,permit_mynetworks,reject" >>> in master.cf > > that was a snippet to point in the right direction > in the assumption that someone opens "master.cf" and > is seeing the "smtpd" line >
So, both solutions work? I like the idea of a private port for my filtering service. If I was to go that route, should I take my smtpd_recipient_restrictions and mynetworks lines out of main.cf? Thanks for all the help, Reindl and Brian. -Jon
