On 2013.10.25 14:21:11 -0500, Noel Jones wrote:
> > Apparently it is not a hoax, so the question remains, for those of
> > us who do not have the enterprise tools to lock down iPhones and
> > iPads, what is the best/most reliable way to simply block LinkedIn
> > from being able to successfully connect to the SMTP server?
[...]
> Basically two choices...
>
> 1. block all *.linkedin.com clients BEFORE any
> permit_sasl_authenticated statement. This will also have the effect
> of blocking all incoming linkedin mail. That may be a little too
> strict for some folks, or maybe just fine with others.
>
> Something like:
> smtpd_client_restrictions =
> check_client_access hash:/etc/postfix/banned_clients
>
> # banned_clients
> linkedin.com REJECT mail from LinkedIn not welcome here
[...]
> (well, I suppose firewall their IP range is a third choice... That
> suffers from the problem of reliably finding their IP range.)
4. Something like:
smtpd_client_restrictions =
check_client_access cidr:/etc/postfix/banned_clients
#!/bin/sh
for as in AS55163 AS40793 AS20366 \
AS20049 AS197613 AS197612 AS14413 AS132466
do
whois -h whois.radb.net -- "-i origin ${as}" \
| grep ^route \
| awk '{print $2 "\t\tREJECT Deprecated"}' \
>> /etc/postfix/banned_clients
done
http://bgp.he.net/
--
Best regards,
Manuel
