On Tue, 2006-01-17 at 00:04 -0600, david rankin wrote:
From: "Sandy Drobic"
Sandy Drobic wrote:
david rankin wrote:
List, (Sandy):
I am getting more and more spam sent to root@rankin-bertin.com. How do I stop delivery from the internet to root but still allow delivery to root from localhost or the local lan? Can I add an entry to recipient_check or something similar?
Yes, just put in the check after local mail from your network has already been accepted. This example assumes that you have set rankin-bertin.com as $myorigin (your default domain).
and that the local server and the local clients who should be able to send mails to root ar in $mynetworks or use sasl auth.
OK, here is another question. How do I handle the situation where $myorgin is rbpllc.com, but rankin-bertin.com, rankinlawfirm.com and guillorylaw.com all resolve to the same IP? Ideally, I would like to have mail to root@anyofthose.com rejected from the internet. First thought is multiple listing in check_recipient_access hash:/etc/postfix/recipients_internal_only:
/etc/postfix/recipients_internal_only: root@rbpllc.com REJECT root@rankin-bertin.com REJECT root@rankinlawfirm.com REJECT
Given your comment above, will I run into trouble with the other domain names? Any thoughts on handling that situation? It looks like local delivery should work regardless. Currently,
mynetworks = 127.0.0.0/8 192.168.7.0/24 [::1]/128 [fe80::20f:eaff:fed1:2627]/64 [::192.168.7.15]/96 [::127.0.0.1]/96 mynetworks_style = subnet
Is there anything that would cause the mutiple domains in recipients_internal_only to cause trouble?
I'm using something similar in postfix as follows: in main.cf: smtpd_recipient_restrictions =hash:/etc/postfix/incoming_access,permit_mynetworks,reject_unauth_destination in /etc/postfix/incoming_access I have entries like: incoming_access:root@ permit_mynetworks,reject incoming_access:mailer-daemon@ permit_mynetworks,reject incoming_access:virusalert@ permit_mynetworks,reject incoming_access:administrator@ permit_mynetworks,reject incoming_access:daemon@ permit_mynetworks,reject incoming_access:lp@ permit_mynetworks,reject incoming_access:news@ permit_mynetworks,reject incoming_access:uucp@ permit_mynetworks,reject Add as many local addresses as needed. Works well here to block email to local admin accounts. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998