Quoting Feizhou <feizhou@xxxxxxxxxxxx>:
> Barry Brimer wrote:
> >
> > I have a mail server that handles several domains. One of these domains
> has
> > decided to use Postini. For those not familiar with Postini, you set your
> MX
> > records to use their mail servers. They filter mail, and deliver you only
> the
> > clean virus/spam free mail. The idea is to only allow incoming mail from
> their
> > mail servers so spammers are unable to send to your mail server directly.
> This
> > is fairly simple to do with standard restriction classes for a dedicated
> mail
> > server. I am not sure how to accomplish this on a shared mail server.
> Ideally
> > I would like to instruct postfix to accept mail from anywhere for all
> domains
> > except one domain (the one using Postini) and only allow mail destined for
> that
> > specific domain to originate from Postini's mail servers. Any ideas would
> be
> > greatly appreciated.
>
> check_recipient_access
> key value
> postini-domain postini-domain-restrictions
>
> smtpd-restrictions
> postini-domain-restrictions
>
> postini-domain-restrictons
> check_client_access
> key value
> postini-ips/rdns OK
> check_client_access
> key value
> anything(regex/pcre) REJECT
Thanks for your response. For further clarification, my understanding of your
instructions are as follows. Please correct any mistakes I have made. My
domain will be example.com
1. Add an additional line to my smtpd_recipient_restrictions that reads:
check_recipient_access hash:/etc/postfix/recipient_checks
The contents of this file should read
example.com example.com-restrictions
Once completed, I run postmap against this file.
2. I currently use smtpd_recipient_restrictions for my access control. Can I
include the example.com-restrictions directive in my
smtpd_recipient_restrictions, or does it really belong in
smtpd_sender_restrictions? Is there actually a plain smtpd_restrictions
directive I am missing?
3. example.com-restrictions is referenced in smtpd_xxx_restrictions above.
If I understand correctly, I should add a line to my
main.cf above my smtpd_recipient_restrictions that says:
example.com-restrictions =
check_client_access regexp:/etc/postfix/example.com-restrictions.regexp
The contents of this file should read:
name or ip of postini-allowed mail server1 OK
name or ip of postini-allowed mail server2 OK
name or ip of postini-allowed mail server3 OK
name or ip of postini-allowed mail server4 OK
/^.*/ REJECT
Thanks so much for your help, any input/correction/validation of this
information is greatly appreciated!
Thanks!
Barry
