Fred Zinsli:
> Hello all
>
> Not clued up on postfix at all so thought I would ask here.
>
> I have primary and secondary MX servers, but my secondary server is on
> cable. My primary server is on the backbone.
>
> How can I configure my primary server to accept connections/mail from the
> secondary server but still refuse connections/mail from all other cable
> connections.
Secondary MX servers are often a problem because they accept SPAM
that your primary wants to reject. The problem is that the secondary
then returns the rejected SPAM to innocent people who didn't send it.
Assuming the following primary configuration to reject mail from
residential clients:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
# The following service is free for small sites.
reject_rbl_client zen.spamhaus.org
This is how the primary would make an exception for the secondary:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
# Whitelist the secondary.
check_client_access hash:/etc/postfix/client_access
# The following service is free for small sites.
reject_rbl_client zen.spamhaus.org
/etc/postfix/client_access:
# Secondary IP address here.
1.2.3.4 OK
Don't forget to execute "postmap /etc/postfix/client_access: whenever
the file is updated.
For background see http://www.postfix.org.SMTPD_ACCESS_README.html
and links from that page.
Wietse
