Hi, everyone,

I need to block/reject one of my hosted domains foo.tld from sending
emails to a couple of external domains, while not restricting sending
to other domains like gmail.com nor restricting any of my other hosted
domains i.e. bar.tld from sending to these "bad domains". I also need
to stop "bad domains" from sending to foo.tld.

So far the only solution that I've been able to make work has been to
create a new restriction_class. Correct me if my logic isn't correct, but
this works fine for blacklisting (or for whitelisting exceptions), because
of the permit.

SENDING server:

smtpd_recipient_restrictions =
        check_sender_access hash:/etc/postfix/footld_sender,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        permit_mynetworks,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        check_recipient_access hash:/etc/postfix/verify_domains,
        permit

footld_sender contains:
    #postmaster exception
    postmas...@foo.tld OK
    foo.tld bad_domains

smtpd_restriction_classes =
   bad_domains

bad_domains =
        check_recipient_access hash:/etc/postfix/bad_domains,
        permit

bad_domains contains:
    ab...@bad.tld  OK
    tld            REJECT not allowed
    bad.tld        REJECT did you mean GOOD.tld


RECEIVING server current settings:

smtpd_sender_restrictions =
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        check_sender_access hash:/etc/postfix/helo_access,   <- restricts external IPs from sending with my own domain name
        warn_if_reject check_sender_access pcre:/etc/postfix/sender_access,   <- old blacklist of TLDs we blacked (pretty much for logging purposes only)
        hash:/etc/postfix/access_blacklist,   <- our own custom blacklist of known spammers/UBE senders
        permit

smtpd_recipient_restrictions =
       * ###check_sender_access hash:/etc/postfix/badtld_sender,*
        permit_mynetworks,
        reject_unknown_recipient_domain,
        reject_unknown_client_hostname,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        check_policy_service inet:127.0.0.1:60000
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        check_policy_service unix:private/policy,
        permit

smtpd_relay_restrictions =
        permit_mynetworks,
        reject_unauth_destination

Haven't implemented, but I would assume it should work exactly the same;
only need to switch foo.tld and bad.tld in files?
Is this a reasonable implementation of such a restriction in Postfix? Is
there another and potentially better/cleaner way of implementing this?


*sorry for double posting too*

Enjoy your weekend,
Kristjan
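
Added example (not part of the original post, and not Postfix code): a simplified Python model of how the sending server's smtpd_recipient_restrictions, the footld_sender table and the bad_domains class resolve for a given sender and recipient, following the access(5) lookup order. The addresses exempt@foo.tld and allowed@bad.tld are constructed stand-ins for the truncated addresses above, and every restriction whose inputs the post does not show is assumed to return DUNNO.

```python
# Added example: simplified model of smtpd_recipient_restrictions evaluation.
# Assumptions: parent_domain_matches_subdomains lists smtpd_access_maps (the
# default); restrictions whose inputs the post does not show return DUNNO.
# exempt@foo.tld and allowed@bad.tld are constructed stand-ins for the
# truncated addresses in the post.
FOOTLD_SENDER = {"exempt@foo.tld": "OK", "foo.tld": "bad_domains"}
BAD_DOMAINS = {
    "allowed@bad.tld": "OK",
    "tld": "REJECT not allowed",
    "bad.tld": "REJECT did you mean GOOD.tld",
}
CLASSES = {"bad_domains": [("check_recipient_access", BAD_DOMAINS), ("permit", None)]}
MAIN = [
    ("check_sender_access", FOOTLD_SENDER),
    ("reject_unauth_pipelining", None),
    ("reject_non_fqdn_recipient", None),
    ("permit_mynetworks", None),
    ("reject_unknown_recipient_domain", None),
    ("reject_unauth_destination", None),
    ("check_recipient_access", None),  # verify_domains: contents not shown
    ("permit", None),
]

def lookup_keys(addr):
    """Keys in access(5) search order: user@domain, domain, parents, user@."""
    user, _, domain = addr.lower().rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [f"{user}@{domain}"] + parents + [f"{user}@"]

def evaluate(restrictions, sender, rcpt, trace):
    """First result other than DUNNO ends the list, nested classes included."""
    for name, table in restrictions:
        trace.append(name)
        if name == "permit":
            return "OK"
        if table is None:
            continue  # modelled as DUNNO
        addr = sender if name == "check_sender_access" else rcpt
        action = next((table[k] for k in lookup_keys(addr) if k in table), "DUNNO")
        if action in CLASSES:
            action = evaluate(CLASSES[action], sender, rcpt, trace)
        if action != "DUNNO":
            return action
    return "DUNNO"

def decide(sender, rcpt):
    trace = []
    return evaluate(MAIN, sender, rcpt, trace), trace
```

In this model decide("user@foo.tld", "someone@gmail.com") returns OK with a trace that stops at the class's permit, so reject_unauth_destination and the later checks in the list are not reached for foo.tld senders or for the OK'd exception address.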
