rdquiterio wrote:
> I've been using postfix for several years as a relay but never used it to
> restrict inbound mail, since it is done by an anti-spam appliance. 
>
> But now, we need to implement an inbound rule like this: 

If inbound mail is already restricted by an anti-spam appliance then
isn't this going to need configuring in the anti-spam appliance
and not in your Postfix configuration?  Because otherwise nothing you do
in Postfix will have any effect.  Right?

And then if you open up the anti-spam appliance then do you need any
configuration change for Postfix?  If the defense was there then
wouldn't adjusting the rules in the anti-spam appliance be enough?

If you are thinking of removing the anti-spam appliance then setting
up Postfix is almost like a fresh configuration question of how should
you set up the full anti-spam in Postfix, right?

>  1. Everybody on our domain should be allowed to receive email from a
> specific sender (a...@xyz.com) - i.e. notifications
>  2. A few users should be allowed to receive email from any sender or
> domain. 

I am not really a Postfix expert.  I myself come here for help.  I am
but a simple and grateful user of Postfix.  But if it were me I would
have this following abbreviated configuration.  I'll trim it from mine
somewhat and then let the actually knowledgeable folks correct my poor
and feeble attempt at helping.

Please do not use "abc at xyz.com" as an example email address as that
is a valid domain name!  Use example.com when needing an example name.
That way it will not collide with a real live in use valid name.

In recipient-access file, add your all-spam-to users here:

    abuse@ OK
    postmaster@ OK

In sender-access file, add your approved sending domains:
I do NOT approve of this but it is exactly what you asked for!

    example.com OK

Use 'postmap' to update the two map files above to db names.

    postmap recipient-access
    postmap sender-access

In main.cf file:

    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        check_sender_access hash:/etc/postfix/sender-access,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        check_recipient_access hash:/etc/postfix/recipient-access,
        reject_rbl_client zen.spamhaus.org

If your /etc/postfix is elsewhere, such as /usr/local/etc/postfix,
then adjust all paths accordingly.

This does not have all of the configuration I would recommend.  But
perhaps the minimum amount that I would tolerate.  Perhaps a starting
place at best.

> It seems to me that it is possible to achieve with smtpd restrictions, but I
> cannot figure out how to assemble senders and recipients parameters in
> main.cf. 
> 
> Any help would be appreciated. 
> 
> Thanks for your time. 

Hope this helps!
Bob
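
An added example, not part of Bob's message or of Postfix itself: a simplified Python model of how the restriction list above is walked in order, with the first restriction that returns a decision ending the evaluation. The domain corp.test, the client IPs and the DNSBL contents are constructed assumptions, and the permit_mynetworks, reject_non_fqdn_* and reject_unknown_* steps are left out because the sample inputs pass them.

```python
# Simplified model of smtpd_recipient_restrictions evaluation order.
# Map contents are the ones from the post; everything else is constructed.
SENDER_ACCESS = {"example.com": "OK"}                      # sender-access
RECIPIENT_ACCESS = {"abuse@": "OK", "postmaster@": "OK"}   # recipient-access
MY_DOMAINS = {"corp.test"}    # assumption: domains this server is final for
RBL_LISTED = {"192.0.2.66"}   # assumption: client IPs the DNSBL would list


def access_lookup(table, address):
    """access(5) lookup order for an address: user@domain, domain, user@."""
    user, _, domain = address.partition("@")
    for key in (address, domain, user + "@"):
        if key in table:
            return table[key]
    return None  # no match: fall through to the next restriction


def evaluate(client_ip, sender, recipient):
    """Return (decision, name of the restriction that decided)."""
    # permit_mynetworks skipped: sample clients are outside mynetworks.
    if recipient.partition("@")[2] not in MY_DOMAINS:
        return "REJECT", "reject_unauth_destination"
    if access_lookup(SENDER_ACCESS, sender) == "OK":
        return "PERMIT", "check_sender_access"
    # reject_non_fqdn_* / reject_unknown_* skipped: samples pass them.
    if access_lookup(RECIPIENT_ACCESS, recipient) == "OK":
        return "PERMIT", "check_recipient_access"
    if client_ip in RBL_LISTED:
        return "REJECT", "reject_rbl_client"
    return "PERMIT", "end of list"  # nothing rejected, so mail is accepted


if __name__ == "__main__":
    samples = [  # constructed (client_ip, envelope sender, recipient)
        ("192.0.2.66", "notify@example.com", "alice@corp.test"),
        ("192.0.2.66", "someone@other.test", "abuse@corp.test"),
        ("192.0.2.66", "someone@other.test", "alice@corp.test"),
        ("198.51.100.7", "notify@example.com", "bob@elsewhere.test"),
        ("198.51.100.7", "someone@other.test", "alice@corp.test"),
    ]
    for s in samples:
        print(s, "->", evaluate(*s))
```

The first sample shows what an OK in sender-access costs: the envelope sender is supplied by the client, and a match skips every later check, including the DNSBL lookup. Because reject_unauth_destination sits above both maps, neither OK entry can turn the server into a relay.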
