[opensuse] Postfix to stop all email from internet/public IPs to user beginning with bk
Hello and thanks in advance.

I want all email from public IPs/internet to bk...@example.com to be rejected. The rules for restricting private IPs are working great thanks to Sandy Drobic here and Mouss from the postfix mail list.

Now I need to stop all emails to users that begin with bk from the internet but allow all others. For example of two users...

bk2000@example.com
bk1921680001@example.com

Here is how the system is set up.

-----------------
|               | --- Internet--
|  Gateway Box  | Internet public IP
|               |
|-----------------------|
|  example.com  | nic 1 example.com
|               | email users@example.com
|               |
|               | Some users have bk1921680001@example.com
|               | which is the same as the machine
----------------  ip1921680001.local.example.com
        |         bk1921680001@local.example.com
        |         bk...@example.com not all users are machine
        |         related but start with bk
        |         bk..@192.168.0.1
        |
        | nic's 2,3
        | one 192.168.x.x
        | local.example.com
        |
 Many Systems using the entire 192.168.x.x space

Email from any 192.168.x.x for bk...@example.com stays on the server for them to read/pickup varies(working).

What I want/need is any email from the internet/Public IP to bk...@example.com to be rejected and keep working any email from local.example.com or 192.168.x.x for bk...@example.com. As it is now.

So for DNS I have 64770 entries in local.example.com as follows:

--------------------------local.example.com-------------------------
$TTL 3600
@       IN SOA  example.example.com. root.example.example.com. (
                2007080401 ; Serial
                3600       ; Refresh
                1800       ; Retry
                2419200    ; Expire
                86400 )    ; Minimum
        IN NS   example.example.com.
ip1921680001    IN A    192.168.0.1
ip1921680002    IN A    192.168.0.2
...
ip192168255253  IN A    192.168.255.253
ip192168255254  IN A    192.168.255.254
--------------------------local.example.com-------------------------

and rDNS

---------------------168.192.in-addr.arpa---------------------------
$TTL 3600
@       IN SOA  example.example.com. root.example.example.com. (
                2007081201 ; Serial
                3600       ; Refresh
                1800       ; Retry
                2419200    ; Expire
                86400 )    ; Minimum
        IN NS   example.example.com
$GENERATE 1-254 0.$ IN PTR ip192168000$.local.hbboys.com.
...
$GENERATE 1-254 255.$ IN PTR ip192168255$.local.example.com.
---------------------168.192.in-addr.arpa---------------------------

so postconf -n will give for

...
masquerade_domains = example.com
mydestination = example.com,$myhostname,localhost.$mydomain,mail.example.com
myhostname = example.example.com

Thanks,

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

On Sat, 25 Aug 2007, Boyd Lynn Gerber wrote:
> I want all email from public IPs/internet to bk...@example.com to be rejected. The rules for restricting private IPs are working great thanks to Sandy Drobic here and Mouss from the postfix mail list.
>
> Now I need to stop all emails to users that begin with bk from the internet but allow all others. For example of two users...

Thanks solved on the postfix list.

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

* Boyd Lynn Gerber <gerberb@zenez.com> [08-25-07 14:43]:
> Thanks solved on the postfix list.

And kept it a secret, or had to sign an NDA ???

--
Patrick Shanahan
Plainfield, Indiana, USA
HOG # US1244711
http://wahoo.no-ip.org
Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org

On Sat, 25 Aug 2007, Patrick Shanahan wrote:
> * Boyd Lynn Gerber <gerberb@zenez.com> [08-25-07 14:43]:
> > Thanks solved on the postfix list.
>
> And kept it a secret, or had to sign an NDA ???

In main.cf I had to have

smtpd_restriction_classes = local_only
local_only =
        # do not allow relaying
        reject_unauth_destination
        # accept only from mynetworks
        check_client_access cidr:/etc/postfix/private_ip.cidr
        # reject from other places
        reject
smtpd_recipient_restrictions =
        check_client_access cidr:/etc/postfix/clients_local_only
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
        check_recipient_access pcre:/etc/postfix/private_address_only.pcre
smtpd_sender_restrictions =
        check_sender_access pcre:/etc/postfix/private_address_only.pcre
        check_recipient_access pcre:/etc/postfix/private_address_only.pcre
        hash:/etc/postfix/access

------------------------private_address_only.pcre----------------------
/^bk.*@hbboys\.com$/ local_only
------------------------private_address_only.pcre----------------------

---------------------------private_ip.cidr-----------------------------
192.168.0.0/16 OK
---------------------------private_ip.cidr-----------------------------

-----------------------------clients_local_only------------------------
192.168.0.0/16 local_only
-----------------------------clients_local_only------------------------

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
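
The following is an added example, not code from the thread or from Postfix: a small Python model of how the three tables and the local_only class in the message above combine for a given client address and recipient. Assumptions: the pattern is written for example.com, example.com is the only locally delivered domain, the function names are hypothetical, and the client addresses are constructed.

```python
import ipaddress
import re

# Constructed stand-ins for the tables in the post. The pattern is written for
# example.com; Postfix pcre tables are case-insensitive by default (re.I here).
PRIVATE_ADDRESS_ONLY = [(re.compile(r"^bk.*@example\.com$", re.I), "local_only")]
PRIVATE_IP = [(ipaddress.ip_network("192.168.0.0/16"), "OK")]
CLIENTS_LOCAL_ONLY = [(ipaddress.ip_network("192.168.0.0/16"), "local_only")]
LOCAL_DOMAINS = {"example.com"}  # assumed: the only domain delivered locally


def cidr_lookup(table, client_ip):
    """Return the action of the first network containing client_ip, else None."""
    addr = ipaddress.ip_address(client_ip)
    return next((action for net, action in table if addr in net), None)


def pcre_lookup(table, address):
    """Return the action of the first pattern matching the full address."""
    return next((action for rx, action in table if rx.search(address)), None)


def local_only(client_ip, recipient):
    """The local_only class: the first decisive restriction wins."""
    if recipient.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS:
        return "REJECT"  # reject_unauth_destination (simplified to one domain)
    if cidr_lookup(PRIVATE_IP, client_ip) == "OK":
        return "OK"      # check_client_access cidr:private_ip.cidr
    return "REJECT"      # trailing "reject"


def check_recipient(client_ip, recipient):
    """check_recipient_access pcre:private_address_only.pcre on its own."""
    if pcre_lookup(PRIVATE_ADDRESS_ONLY, recipient) == "local_only":
        return local_only(client_ip, recipient)
    return "DUNNO"  # no match: the remaining restrictions decide


def check_client(client_ip, recipient):
    """check_client_access cidr:clients_local_only on its own."""
    if cidr_lookup(CLIENTS_LOCAL_ONLY, client_ip) == "local_only":
        return local_only(client_ip, recipient)
    return "DUNNO"


if __name__ == "__main__":
    for ip in ("192.168.0.1", "203.0.113.7", "10.0.0.5"):  # constructed clients
        print(ip, check_recipient(ip, "bk2000@example.com"))
```

In this model a client in another private range such as 10.0.0.5 is rejected for bk recipients, because only 192.168.0.0/16 is listed in private_ip.cidr.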