[opensuse] Require all local IP to only send to local IP and Restrict local.domain.com to local.domain.com
Hello,

I want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains. That is 192.168.0.0/16 only can send between 192.168.0.0/16. I have other public IP's that should be able to send anywhere. I am substituting domain.com for the real domain.

I am using.

smtpd_restriction_classes = local_only
local_only = reject_unlisted_recipient permit_auth_destination
smtpd_recipient_restrictions =
    check_client_access cidr:/etc/postfix/clients_local_only
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination

So I have in /etc/postfix/clients_local_only.

--------------------------client_local_only-------------------------------
192.168.0.0/16 local_only
--------------------------client_local_only-------------------------------

I have in /etc/postfix/access all 64770 IP's with local_only:

----------------------------access----------------------------------------
domain.com OK
public_ip OK
...
192.168.0.1 local_only
...
192.168.255.254
----------------------------access----------------------------------------

I have now the above and below is my main.cf, but they can send outside of 192.168.x.x

----------------------------------Main.cf-------------------------------
recipient_delimiter = +
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = domain.domain.com
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains = domain.com
mydestination = domain.com, $myhostname, localhost.$mydomain, mail.domain.com
defer_transports =
mynetworks_style = subnet
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
strict_rfc821_envelopes = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
smtpd_restriction_classes = local_only
local_only = reject_unlisted_recipient permit_auth_destination
smtpd_recipient_restrictions =
    check_client_access cidr:/etc/postfix/clients_local_only
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtp_use_tls = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
header_checks = regexp:/etc/postfix/maps/header_checks
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
body_checks = regexp:/etc/postfix/maps/body_checks
----------------------------------Main.cf-------------------------------

What am I missing?

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
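
Why the posted class can still let 192.168.x.x clients mail outside shows up when the restriction list is walked in order. The sketch below is an added example, not part of any message in this thread, and it models only first-match evaluation of the restrictions named in the post. The sample addresses, the assumption that mynetworks covers 192.168.0.0/16, and the trailing `reject` in `CLOSED` are illustrative and are not the modification referred to later in the thread.

```python
import ipaddress

# Constructed stand-ins for the poster's setup (assumptions, not from the thread).
LOCAL_DOMAINS = {"domain.com", "mail.domain.com"}       # from mydestination
MYNETWORKS = [ipaddress.ip_network("192.168.0.0/16")]   # assumed effect of mynetworks_style = subnet
CLIENT_MAP = [(ipaddress.ip_network("192.168.0.0/16"), "local_only")]  # clients_local_only

RCPT_RESTRICTIONS = ["check_client_access", "permit_sasl_authenticated",
                     "permit_mynetworks", "reject_unauth_destination"]
POSTED = {"local_only": ["reject_unlisted_recipient", "permit_auth_destination"]}
CLOSED = {"local_only": ["reject_unlisted_recipient", "permit_auth_destination", "reject"]}

def evaluate(restrictions, classes, client, rcpt_domain):
    """First PERMIT or REJECT ends the list; DUNNO moves on to the next restriction."""
    ip = ipaddress.ip_address(client)
    for name in restrictions:
        if name == "check_client_access":
            action = next((a for net, a in CLIENT_MAP if ip in net), None)
            if action:  # a class name expands to its own restriction list
                result = evaluate(classes[action], classes, client, rcpt_domain)
                if result != "DUNNO":
                    return result
        elif name == "permit_auth_destination" and rcpt_domain in LOCAL_DOMAINS:
            return "PERMIT"
        elif name == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "REJECT"
        elif name == "permit_mynetworks" and any(ip in n for n in MYNETWORKS):
            return "PERMIT"
        elif name == "reject":
            return "REJECT"
        # reject_unlisted_recipient and permit_sasl_authenticated are modelled as
        # DUNNO: the sample assumes a valid recipient and an unauthenticated client.
    return "DUNNO"

def demo():
    lan, outside = "192.168.1.10", "example.org"
    return {
        "posted, LAN -> outside": evaluate(RCPT_RESTRICTIONS, POSTED, lan, outside),
        "closed, LAN -> outside": evaluate(RCPT_RESTRICTIONS, CLOSED, lan, outside),
        "closed, LAN -> local": evaluate(RCPT_RESTRICTIONS, CLOSED, lan, "domain.com"),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

With the posted class, a non-local recipient leaves `local_only` undecided, so evaluation continues to `permit_mynetworks`, which accepts the LAN client.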

Boyd Lynn Gerber wrote:
> Hello,
>
> I want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains. That is 192.168.0.0/16 only can send between 192.168.0.0/16. I have other public IP's that should be able to send anywhere. I am substituting domain.com for the real domain.

Please do not open a second thread for the same problem. I already replied to your first thread.

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com

On Fri, 24 Aug 2007, Sandy Drobic wrote:
> Boyd Lynn Gerber wrote:
>> I want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains. That is 192.168.0.0/16 only can send between 192.168.0.0/16. I have other public IP's that should be able to send anywhere. I am substituting domain.com for the real domain.
>
> Please do not open a second thread for the same problem. I already replied to your first thread.

Sorry, I thought I needed to make things clearer and so I did a new post. Sorry.

--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

Boyd Lynn Gerber wrote:
> On Fri, 24 Aug 2007, Sandy Drobic wrote:
>> Boyd Lynn Gerber wrote:
>>> I want to restrict all CLIENTS in 192.168.0.0/16 to send only to local domains. That is 192.168.0.0/16 only can send between 192.168.0.0/16. I have other public IP's that should be able to send anywhere. I am substituting domain.com for the real domain.
>>
>> Please do not open a second thread for the same problem. I already replied to your first thread.
>
> Sorry, I thought I needed to make things clearer and so I did a new post. Sorry.

I and probably most other people prefer it if you simply rename the subject line. The threading will not be broken that way (for most mail clients) and the continuity is clear.

- Threadsubject 1
  |
  `-Threadsubject 2, was: Threadsubject 1

That way everyone should be happy. Please test my modification if it works (it should).

--
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com