Barry Brimer wrote: > Quoting Feizhou <feizhou@xxxxxxxxxxxx>: > > >>Barry Brimer wrote: >> >>>I have a mail server that handles several domains. One of these domains >> >>has >> >>>decided to use Postini. For those not familiar with Postini, you set your >> >>MX >> >>>records to use their mail servers. They filter mail, and deliver you only >> >>the >> >>>clean virus/spam free mail. The idea is to only allow incoming mail from >> >>their >> >>>mail servers so spammers are unable to send to your mail server directly. >> >>This >> >>>is fairly simple to do with standard restriction classes for a dedicated >> >>mail >> >>>server. I am not sure how to accomplish this on a shared mail server. >> >>Ideally >> >>>I would like to instruct postfix to accept mail from anywhere for all >> >>domains >> >>>except one domain (the one using Postini) and only allow mail destined for >> >>that >> >>>specific domain to originate from Postini's mail servers. Any ideas would >> >>be >> >>>greatly appreciated. >> >>check_recipient_access >> key value >> postini-domain postini-domain-restrictions >> >>smtpd-restrictions >> postini-domain-restrictions >> >>postini-domain-restrictons >> check_client_access >> key value >> postini-ips/rdns OK >> check_client_access >> key value >> anything(regex/pcre) REJECT > > > Thanks for your response. For further clarification, my understanding of your > instructions are as follows. Please correct any mistakes I have made. My > domain will be example.com > > 1. Add an additional line to my smtpd_recipient_restrictions that reads: > > check_recipient_access hash:/etc/postfix/recipient_checks > > The contents of this file should read > > example.com example.com-restrictions > > Once completed, I run postmap against this file. > > 2. I currently use smtpd_recipient_restrictions for my access control. Can I > include the example.com-restrictions directive in my > smtpd_recipient_restrictions, or does it really belong in > smtpd_sender_restrictions? Is there actually a plain smtpd_restrictions > directive I am missing? Ack, sorry that should be smtpd_restriction_classes Putting all non restriction-classes rules under smtpd_recipient_restrictions is fine. > > 3. example.com-restrictions is referenced in smtpd_xxx_restrictions above. > If I understand correctly, I should add a line to my > main.cf above my smtpd_recipient_restrictions that says: No, after the smtpd_restriction_classes declaration(s) smtpd_restriction_classes = example.com-restrictions {more if you have} Followed by the rule declarations per restriction class. > > example.com-restrictions = > check_client_access regexp:/etc/postfix/example.com-restrictions.regexp > > The contents of this file should read: > > name or ip of postini-allowed mail server1 OK > name or ip of postini-allowed mail server2 OK > name or ip of postini-allowed mail server3 OK > name or ip of postini-allowed mail server4 OK > /^.*/ REJECT > > Thanks so much for your help, any input/correction/validation of this > information is greatly appreciated! You are welcome.