On Mon, Sep 17, 2012 at 03:51:03PM -0500, l...@airstreamcomm.net wrote:
> We would like to block a couple ranges of IPs before a sasl login is
> able to happen.  smtpd_recipient_restrictions looks like this:
> 
> smtpd_recipient_restrictions =
>         permit_mynetworks,
>         check_client_access cidr:/etc/postfix/restricted

If the blocked IP address is in the cidr:/etc/postfix/restricted map 
with a reject result, it might do what you want.

>         permit_sasl_authenticated,
>         check_client_access mysql:/etc/postfix/authb4smtp.cf,

If it is returned by the mysql:/etc/postfix/authb4smtp.cf query, it 
will not do anything useful, because you already passed 
"permit_sasl_authenticated".

>         reject_unauth_destination
> 
> Just want to confirm this configuration will reject connections
> before sasl is allowed.

I'm thinking you want to reject mail from a user who will be 
authenticated. But what you SAY here is "reject *connections* before 
sasl is allowed."

If you mean what I think you mean, see above. If you mean exactly 
what you say, see the other posts in the thread (I think I'd go for 
the firewall blocking, personally.)

>  Also would it make more sense to put the
> check_client_access cidr:/etc/postfix/restricted in
> smtpd_client_restrictions instead?

Maybe. See
    http://www.postfix.org/SMTPD_ACCESS_README.html
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
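
An added example, not part of the original message: a simplified Python model of how Postfix walks the restriction list quoted above, stopping at the first restriction that returns a decisive result. The addresses, table contents, `LOCAL_DOMAINS` and the `evaluate` helper are constructed for illustration; real lookups go through the cidr: and mysql: maps.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not from the thread.
MYNETWORKS = ["127.0.0.0/8"]
RESTRICTED_CIDR = {"192.0.2.0/24": "REJECT"}  # stands in for cidr:/etc/postfix/restricted
AUTHB4SMTP = {"198.51.100.7": "REJECT"}       # stands in for the mysql: query result
LOCAL_DOMAINS = {"example.com"}               # destinations this server accepts mail for

def cidr_lookup(ip, table):
    """Return the action of the first network containing ip, else DUNNO."""
    addr = ipaddress.ip_address(ip)
    for net, action in table.items():
        if addr in ipaddress.ip_network(net):
            return action
    return "DUNNO"

def evaluate(ip, sasl_authenticated, rcpt_domain):
    """Walk the list in order; return (action, restriction that decided)."""
    steps = [
        ("permit_mynetworks",
         lambda: cidr_lookup(ip, {n: "PERMIT" for n in MYNETWORKS})),
        ("check_client_access cidr:restricted",
         lambda: cidr_lookup(ip, RESTRICTED_CIDR)),
        ("permit_sasl_authenticated",
         lambda: "PERMIT" if sasl_authenticated else "DUNNO"),
        ("check_client_access mysql:authb4smtp",
         lambda: AUTHB4SMTP.get(ip, "DUNNO")),
        ("reject_unauth_destination",
         lambda: "DUNNO" if rcpt_domain in LOCAL_DOMAINS else "REJECT"),
    ]
    for name, check in steps:
        result = check()
        if result != "DUNNO":   # first decisive answer ends the evaluation
            return result, name
    return "PERMIT", "end of list"

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", True, "elsewhere.test"),    # blocked before SASL permit
        ("198.51.100.7", True, "elsewhere.test"),  # later map is never consulted
        ("198.51.100.7", False, "example.com"),    # later map only hits unauthenticated
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```
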
