"Marcello Anderlini" wrote: >========================= >Feb 28 17:52:50 smtp postfix/smtpd[9525]: NOQUEUE: reject: RCPT from >vpn.database.it[83.216.185.74]: 450 4.7.1 <[email protected]>: >Recipient address rejected: Access denied; from=<[email protected]> >to=<[email protected]> proto=ESMTP helo=<[192.168.1.102]> >========================= >Has written before this should be an outgoing only email without any virtual >domain or user. I want to allow only specified ip to send and limit how many >messagges could be sended per hour.
I don't think you can do it in the way you are trying - it's two separate steps you need. But first, the error message isn't that helpful. Does PolicyD log anything (ie is it being called) ? You may need to turn up some debugging in PolicyD to see what's happening. What do you get if you turn up some debugging in Postfix - see (IIRC) debug_peer_list and debug_peer_level, level 1 gives a fair bit of information, level 2 gives a lot ? You can restrict the senders with an access table. I do this for when I have a prolific spammer spewing crap at me : smtpd_sender_restrictions = hash:/etc/postfix/access, permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit Then create the access file if it doesn't already exist. I think for your requirements it would have something like this in it : 83.216.185.74 OK 0.0.0.0/0 REJECT Not an allowed user Don't forget to create the hashed file (postmap access) whenever you edit it. You can of course repleace this with a SQL query, and with some care it might even be possible to query a table from the PolicyD database - that would allow you to (for example) create a group in POlicyD with a list of allowed senders, and access this group in your SQL query. Note that PolicyD won't be using this group internally - it would only be for Postfix and doing it in the PolicyD GUI is only for convenience. Then in PolicyD, just make your policy match on "sender IP address/32". It will automatically create a tracking table entry for each individual IP address it sees. You do *NOT* add iindividual IPs to the config for this. _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
