ACL for postfix or sendmail

safsound · #1 02-14-2013

Hello,

i want to know how to configure a MTA to relay somes domain by IP source, example :

toto.com and titi.com can relay with ip sender 10.2.2.0/24 only
lulu.com can relay with ip sender 192.168.0.4/32 only
all domain can relay with ip sender 172.0.0.5/32 only

It's possible with policy server (postfix) but i dont know how to write policy about it

Or if it's possible with sendmail ?

i know how to allow relay by IP or by From: with /etc/mail/access but not twice at same time

Thanks

Safsound

DGPickett · #2 02-14-2013

Possible in sendmail but if it takes rewrite rules, very demanding. You mean incoming mail will be relayed to one of several hosts by domain? Nothing delivered locally? Or are you talking about outgoing mail? ACL is a file permission thing, usually.

Postfix is pretty standard about this sort of thing: Postfix SMTP relay and access control

safsound · #3 02-19-2013

Quote:

Originally Posted by DGPickett

Possible in sendmail but if it takes rewrite rules, very demanding. You mean incoming mail will be relayed to one of several hosts by domain? Nothing delivered locally? Or are you talking about outgoing mail? ACL is a file permission thing, usually.

Postfix is pretty standard about this sort of thing: Postfix SMTP relay and access control

Yes, i just want relay (outgoing) somes network to use my MTA, no local mail, example :

somes network -------> my MTA -----> outgoing mail (all destination)

i want filter somes network/domain from incoming but nothing to outgoing,

But i need to match network with his domain. not just allow a domain incoming or network incoming but twice

i see access control for postfix but i dont find any configuration example to help me

DGPickett · #4 02-19-2013

And you want different sending domains to relay to different mail servers?

safsound · #5 02-20-2013

Quote:

Originally Posted by DGPickett

And you want different sending domains to relay to different mail servers?

My MTA server dont use local mail distribution, just can relay somes customers. I know all IP source and domain that can use the MTA
They can use the MTA to relay on all destination (yahoo, google, etc ....)

The filter need to be only on incoming MTA with IP/DOMAIN match source

Actually my MTA can filter by IP or by source domain but not at same time to have a good secure filter

DGPickett · #6 02-20-2013

So, this is just a common outgoing email server to support clients, which must shun spammers.

Reverse lookup can be set up to say any domain, unless it checks with a forward lookup to match.

I guess in postfix you put your IPs in mynetworks and set to restrict: http://www.postfix.org/SMTPD_ACCESS_README.html#lists

From the man page referenced there, how to set mynetworks: http://www.postfix.org/postconf.5.html#mynetworks

safsound · #7 02-22-2013

Quote:

Originally Posted by DGPickett

So, this is just a common outgoing email server to support clients, which must shun spammers.

Reverse lookup can be set up to say any domain, unless it checks with a forward lookup to match.

I guess in postfix you put your IPs in mynetworks and set to restrict: Postfix SMTP relay and access control

From the man page referenced there, how to set mynetworks: Postfix Configuration Parameters

Thanks but i dont find any example to write the good syntax

example :

10.5.5.10 can send from toto.com on all domain in outgoing

Thread Tools	Search this Thread
Show Printable Version Email this Page Subscribe to this Thread	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
Replace sendmail with Postfix	bpsunadm	Solaris	0	07-26-2010 12:24 PM