Barry Brimer wrote:
> Quoting Feizhou <feizhou@xxxxxxxxxxxx>:
>
>
>>Barry Brimer wrote:
>>
>>>I have a mail server that handles several domains. One of these domains
>>
>>has
>>
>>>decided to use Postini. For those not familiar with Postini, you set your
>>
>>MX
>>
>>>records to use their mail servers. They filter mail, and deliver you only
>>
>>the
>>
>>>clean virus/spam free mail. The idea is to only allow incoming mail from
>>
>>their
>>
>>>mail servers so spammers are unable to send to your mail server directly.
>>
>>This
>>
>>>is fairly simple to do with standard restriction classes for a dedicated
>>
>>mail
>>
>>>server. I am not sure how to accomplish this on a shared mail server.
>>
>>Ideally
>>
>>>I would like to instruct postfix to accept mail from anywhere for all
>>
>>domains
>>
>>>except one domain (the one using Postini) and only allow mail destined for
>>
>>that
>>
>>>specific domain to originate from Postini's mail servers. Any ideas would
>>
>>be
>>
>>>greatly appreciated.
>>
>>check_recipient_access
>> key value
>> postini-domain postini-domain-restrictions
>>
>>smtpd-restrictions
>> postini-domain-restrictions
>>
>>postini-domain-restrictons
>> check_client_access
>> key value
>> postini-ips/rdns OK
>> check_client_access
>> key value
>> anything(regex/pcre) REJECT
>
>
> Thanks for your response. For further clarification, my understanding of your
> instructions are as follows. Please correct any mistakes I have made. My
> domain will be example.com
>
> 1. Add an additional line to my smtpd_recipient_restrictions that reads:
>
> check_recipient_access hash:/etc/postfix/recipient_checks
>
> The contents of this file should read
>
> example.com example.com-restrictions
>
> Once completed, I run postmap against this file.
>
> 2. I currently use smtpd_recipient_restrictions for my access control. Can I
> include the example.com-restrictions directive in my
> smtpd_recipient_restrictions, or does it really belong in
> smtpd_sender_restrictions? Is there actually a plain smtpd_restrictions
> directive I am missing?
Ack, sorry that should be smtpd_restriction_classes
Putting all non restriction-classes rules under
smtpd_recipient_restrictions is fine.
>
> 3. example.com-restrictions is referenced in smtpd_xxx_restrictions above.
> If I understand correctly, I should add a line to my
> main.cf above my smtpd_recipient_restrictions that says:
No, after the smtpd_restriction_classes declaration(s)
smtpd_restriction_classes = example.com-restrictions
{more if you have}
Followed by the rule declarations per restriction class.
>
> example.com-restrictions =
> check_client_access regexp:/etc/postfix/example.com-restrictions.regexp
>
> The contents of this file should read:
>
> name or ip of postini-allowed mail server1 OK
> name or ip of postini-allowed mail server2 OK
> name or ip of postini-allowed mail server3 OK
> name or ip of postini-allowed mail server4 OK
> /^.*/ REJECT
>
> Thanks so much for your help, any input/correction/validation of this
> information is greatly appreciated!
You are welcome.
