On Mon, Mar 25, 2013 at 02:44:57AM +0000, Billy Blanco wrote:
> Does postfix support 'port based' acl's?
>
> I'm trying to set it up in a way to only allow postini connections
> over port 25 (apparently they won't deliver over any other port),
> while having all other clients connect over port 465.

SMTPS (SMTP over SSL) is deprecated and not recommended. Submission
should be done on 587 (submission) using TLS and SASL.

> Been combing the docs and haven't found anything useful yet.

http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.postfix.org/postconf.5.html#check_client_access
http://www.postfix.org/access.5.html

> I know I could do something with iptables or on the network level,
> but kind of like the idea of postfix handling the rejects with a
> custom message returned back to the sender and a log entry made.
>
> If possible, examples would be great.

main.cf :
    smtpd_recipient_restrictions = reject_unauth_destination,
        check_client_access cidr:/etc/postfix/postini.cidr, reject
    # Doing the Postfix 2.10.x copout, sorry. Read the 2.10 release
    # notes if you're using 2.10.x and want to use this new feature.
    smtpd_relay_restrictions =
    submission_recipient_restrictions = permit_sasl_authenticated,
        permit_mynetworks, reject

master.cf (under each smtpd for smtps and submission):
    -o smtpd_recipient_restrictions=$submission_recipient_restrictions

postini.cidr :
    # List all Postini outbound relays as a CIDR expression or as single
    # IP addresses without the /xx
    ip.add.re.ss/xx     permit_auth_destination
    other.add.re.ss/xx  permit_auth_destination
    0.0.0.0/0           reject This host is not MX for example.com, go away.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
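
Added example, not part of the original message: a small Python model of how the port 25 restriction list above is evaluated against a first-match CIDR table, useful for checking which clients get the custom reject text before deploying. The networks are documentation ranges standing in for the real Postini relays, the function names are hypothetical, and only plain "pattern action" lines are modelled.

```python
import ipaddress

# Constructed table in the layout of postini.cidr; 192.0.2.0/24 and
# 198.51.100.17 are placeholders, not real Postini addresses.
POSTINI_CIDR = """\
# Postini outbound relays (placeholders)
192.0.2.0/24     permit_auth_destination
198.51.100.17    permit_auth_destination
0.0.0.0/0        reject This host is not MX for example.com, go away.
"""

def parse_cidr_table(text):
    """Return [(network, action)] in file order, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        rules.append((ipaddress.ip_network(pattern), action.strip()))
    return rules

def lookup(rules, client):
    """First matching pattern wins; None means no match (DUNNO)."""
    addr = ipaddress.ip_address(client)
    for net, action in rules:
        if addr in net:  # an IPv6 address never matches an IPv4 network
            return action
    return None

def port25_decision(rules, client, rcpt_is_ours):
    """Model of: reject_unauth_destination, check_client_access cidr:..., reject.
    Reply texts are shortened approximations of what Postfix sends."""
    if not rcpt_is_ours:                       # reject_unauth_destination
        return ("REJECT", "Relay access denied")
    action = lookup(rules, client)             # check_client_access
    if action == "permit_auth_destination":    # recipient is already known to be ours
        return ("PERMIT", "")
    if action and action.lower().startswith("reject"):
        return ("REJECT", action[len("reject"):].strip())
    return ("REJECT", "Access denied")         # trailing bare "reject"

RULES = parse_cidr_table(POSTINI_CIDR)
```

An IPv6 client does not match 0.0.0.0/0, so it falls through to the trailing reject and gets the generic reply rather than the custom one. On a live system the real table can be queried with postmap -q 192.0.2.10 cidr:/etc/postfix/postini.cidr.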