[opensuse] Postfix to stop all email from internet/public IPs to user beginning with bk
Hello and thanks in advance.
I want all email from public IPs/internet to bk...@example.com to be
rejected. The rules for restricting private IPs are working great, thanks
to Sandy Drobic here and Mouss from the postfix mail list.
Now I need to stop all emails to users that begin with bk from the
internet but allow all others. For example, two users...
bk2000@example.com
bk1921680001@example.com
Here is how the system is set up.
-----------------
| | --- Internet--
| Gateway Box | Internet public IP |
| |-----------------------|
| example.com | nic 1 example.com
| | email users@example.com
| |
| | Some users have bk1921680001@example.com
| | which is the same as the machine
---------------- ip1921680001.local.example.com
| bk1921680001@local.example.com
| bk...@example.com not all users are machine
| related but start with bk
| bk..@192.168.0.1
|
| nic's 2,3
| one 192.168.x.x
| local.example.com
|
Many Systems using the entire 192.168.x.x space
Email from any 192.168.x.x for bk...@example.com stays on the server for
them to read/pickup varies(working). What I want/need is any email from
the internet/Public IP to bk...@example.com to be rejected and keep
working any email from local.example.com or 192.168.x.x for
bk...@example.com. As it is now.
So for DNS I have 64770 entries in local.example.com as follows:
--------------------------local.example.com-------------------------
$TTL 3600
@ IN SOA example.example.com. root.example.example.com.(
2007080401 ; Serial
3600 ; Refresh
1800 ; Retry
2419200 ; Expire
86400 ) ; Minimum
IN NS example.example.com.
ip1921680001 IN A 192.168.0.1
ip1921680002 IN A 192.168.0.2
...
ip192168255253 IN A 192.168.255.253
ip192168255254 IN A 192.168.255.254
--------------------------local.example.com-------------------------
and rDNS
---------------------168.192.in-addr.arpa---------------------------
$TTL 3600
@ IN SOA example.example.com. root.example.example.com. (
2007081201 ; Serial
3600 ; Refresh
1800 ; Retry
2419200 ; Expire
86400 ) ; Minimum
IN NS example.example.com.
$GENERATE 1-254 0.$ IN PTR ip192168000$.local.hbboys.com.
...
$GENERATE 1-254 255.$ IN PTR ip192168255$.local.example.com.
---------------------168.192.in-addr.arpa---------------------------
so postconf -n will give for ...
masquerade_domains = example.com
mydestination = example.com,$myhostname,localhost.$mydomain,mail.example.com
myhostname = example.example.com
Thanks,
--
Boyd Gerber
On Sat, 25 Aug 2007, Boyd Lynn Gerber wrote:
I want all email from public IPs/internet to bk...@example.com to be rejected. The rules for restricting private IPs are working great, thanks to Sandy Drobic here and Mouss from the postfix mail list.
Now I need to stop all emails to users that begin with bk from the internet but allow all others. For example, two users...
Thanks solved on the postfix list.
--
Boyd Gerber
* Boyd Lynn Gerber
Thanks solved on the postfix list.
And kept it a secret, or had to sign an NDA ???
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
On Sat, 25 Aug 2007, Patrick Shanahan wrote:
* Boyd Lynn Gerber [08-25-07 14:43]:
Thanks solved on the postfix list.
And kept it a secret, or had to sign an NDA ???
In main.cf I had to have
smtpd_restriction_classes = local_only
local_only =
    # do not allow relaying
    reject_unauth_destination
    # accept only from mynetworks
    check_client_access cidr:/etc/postfix/private_ip.cidr
    # reject from other places
    reject
smtpd_recipient_restrictions =
    check_client_access cidr:/etc/postfix/clients_local_only
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
    check_recipient_access pcre:/etc/postfix/private_address_only.pcre
smtpd_sender_restrictions =
    check_sender_access pcre:/etc/postfix/private_address_only.pcre
    check_recipient_access pcre:/etc/postfix/private_address_only.pcre
    hash:/etc/postfix/access
------------------------private_address_only.pcre----------------------
/^bk.*@hbboys\.com$/ local_only
------------------------private_address_only.pcre----------------------
---------------------------private_ip.cidr-----------------------------
192.168.0.0/16 OK
---------------------------private_ip.cidr-----------------------------
-----------------------------clients_local_only------------------------
192.168.0.0/16 local_only
-----------------------------clients_local_only------------------------
--
Boyd Gerber
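
Added example, not part of the original post and not Postfix code: a small Python model of how the two restriction lists above decide on a (client IP, sender, recipient) triple, useful for checking the intended policy before touching a live server. Assumptions: the pcre pattern is written with the thread's example.com placeholder, only example.com counts as a local destination, mynetworks adds nothing beyond 192.168.0.0/16, hash:/etc/postfix/access has no matching entry, and smtpd_delay_reject is at its default of yes.

```python
import ipaddress
import re

# Constructed stand-ins for the three lookup tables quoted in the post.
PRIVATE_NET = ipaddress.ip_network("192.168.0.0/16")  # private_ip.cidr, clients_local_only
BK_ADDR = re.compile(r"^bk.*@example\.com$", re.I)    # pcre tables ignore case by default
LOCAL_DOMAINS = {"example.com"}                       # assumption: reduced mydestination

def is_private(client_ip):
    return ipaddress.ip_address(client_ip) in PRIVATE_NET

def is_local_dest(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def local_only(client_ip, rcpt):
    """Restriction class local_only: the first decisive rule wins."""
    if not is_local_dest(rcpt):          # reject_unauth_destination
        return "REJECT"
    if is_private(client_ip):            # private_ip.cidr returns OK
        return "OK"
    return "REJECT"                      # trailing 'reject'

def sender_list(client_ip, sender, rcpt):
    """smtpd_sender_restrictions, evaluated at RCPT TO (smtpd_delay_reject = yes)."""
    if BK_ADDR.match(sender) or BK_ADDR.match(rcpt):
        return local_only(client_ip, rcpt)
    return "DUNNO"                       # assumption: hash:/etc/postfix/access has no match

def recipient_list(client_ip, rcpt, sasl=False):
    """smtpd_recipient_restrictions in the posted order."""
    if is_private(client_ip):            # clients_local_only maps to local_only
        return local_only(client_ip, rcpt)
    if sasl:                             # permit_sasl_authenticated
        return "OK"
    # permit_mynetworks: assumed to add nothing beyond 192.168.0.0/16
    if not is_local_dest(rcpt):          # reject_unauth_destination
        return "REJECT"
    if BK_ADDR.match(rcpt):              # private_address_only.pcre maps to local_only
        return local_only(client_ip, rcpt)
    return "DUNNO"

def decide(client_ip, sender, rcpt, sasl=False):
    """A REJECT from either list refuses the recipient; otherwise it is accepted."""
    verdicts = (sender_list(client_ip, sender, rcpt), recipient_list(client_ip, rcpt, sasl))
    return "REJECT" if "REJECT" in verdicts else "OK"
```

In this model the recipient list alone would accept a SASL-authenticated client on a public IP for a bk address, because permit_sasl_authenticated comes before the pcre lookup; the copy of check_recipient_access in smtpd_sender_restrictions is what still rejects it.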