Mailinglist Archive: opensuse (2086 mails)

< Previous Next >
Re: [opensuse] Post Restrict local.domain.com to local.domain.com ::ffff:ip (OpenSUSE 10.2)
  • From: Sandy Drobic <suse-linux-e@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 24 Aug 2007 18:15:35 +0200
  • Message-id: <46CF0427.7020609@xxxxxxxxxxxxxxxxxxxxxxx>
Boyd Lynn Gerber wrote:
> On Thu, 23 Aug 2007, Sandy Drobic wrote:
>> Looks like scrambled eggs. (^-^)
> 
> Sadly, yes
> 
>> A restriction class in Postfix is meant to combine two different checks. I
>> still don't really know what exactly you want to restrict.
>>
>> Do you mean that you want to restrict all CLIENTS in 192.168.0.0/16 to
>> send only to local domains?
> 
> Yes, 192.168.0.0/16 only can send between 192.168.0.0/16
> 
>> In that case you would use something like this:
>>
>> smtpd_restriction_classes = local_only
>> local_only =
>>     reject_unlisted_recipient
>>     permit_auth_destination

My bad...

local_only =
        reject_unlisted_recipient
        permit_auth_destination
        reject

>> smtpd_recipient_restrictions =
>>     check_client_access cidr:/etc/postfix/clients_local_only
>>     permit_sasl_authenticated,
>>     permit_mynetworks,
>>     reject_unauth_destination
>>
>> /etc/postfix/clients_local_only:
>> 192.168.0.0/16      local_only
> 
> That is what I have now, but they can send outside of 192.168.x.x  The
> access file I have modified to also have the local_only  This is my
> main.cf file.

No wonder, I forgot to add "reject" at the end of the restriction class.

This will reject all mails to domains for which your server is not
responsible, in other words, no relaying allowed.

While it is possible to check the MX for a domain
(check_recipient_mx_access), for security reasons you can't use "OK" as
result for such a check. But "permit_auth_destination" should do the trick.

> 
> ----------------------------------Main.cf-------------------------------

Better send the output of "postconf -n", it is much more readable.

-- 
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups