ACL for postfix or sendmail | Unix Linux Forums | UNIX for Dummies Questions & Answers

  Go Back    


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!

ACL for postfix or sendmail

UNIX for Dummies Questions & Answers


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 02-14-2013
safsound safsound is offline
Registered User
 
Join Date: Nov 2009
Last Activity: 15 October 2014, 4:58 AM EDT
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
ACL for postfix or sendmail

Hello,

i want to know how to configure a MTA to relay somes domain by IP source, example :

toto.com and titi.com can relay with ip sender 10.2.2.0/24 only
lulu.com can relay with ip sender 192.168.0.4/32 only
all domain can relay with ip sender 172.0.0.5/32 only

It's possible with policy server (postfix) but i dont know how to write policy about it
Or if it's possible with sendmail ?

i know how to allow relay by IP or by From: with /etc/mail/access but not twice at same time

Thanks

Safsound

Last edited by safsound; 02-14-2013 at 07:13 AM..
Sponsored Links
    #2  
Old 02-14-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 15 October 2014, 5:08 PM EDT
Location: Southern NJ, USA (Nord)
Posts: 4,455
Thanks: 8
Thanked 546 Times in 524 Posts
Possible in sendmail but if it takes rewrite rules, very demanding. You mean incoming mail will be relayed to one of several hosts by domain? Nothing delivered locally? Or are you talking about outgoing mail? ACL is a file permission thing, usually.

Postfix is pretty standard about this sort of thing: Postfix SMTP relay and access control
Sponsored Links
    #3  
Old 02-19-2013
safsound safsound is offline
Registered User
 
Join Date: Nov 2009
Last Activity: 15 October 2014, 4:58 AM EDT
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by DGPickett View Post
Possible in sendmail but if it takes rewrite rules, very demanding. You mean incoming mail will be relayed to one of several hosts by domain? Nothing delivered locally? Or are you talking about outgoing mail? ACL is a file permission thing, usually.

Postfix is pretty standard about this sort of thing: Postfix SMTP relay and access control
Yes, i just want relay (outgoing) somes network to use my MTA, no local mail, example :

somes network -------> my MTA -----> outgoing mail (all destination)

i want filter somes network/domain from incoming but nothing to outgoing,

But i need to match network with his domain. not just allow a domain incoming or network incoming but twice

i see access control for postfix but i dont find any configuration example to help me
    #4  
Old 02-19-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 15 October 2014, 5:08 PM EDT
Location: Southern NJ, USA (Nord)
Posts: 4,455
Thanks: 8
Thanked 546 Times in 524 Posts
And you want different sending domains to relay to different mail servers?
Sponsored Links
    #5  
Old 02-20-2013
safsound safsound is offline
Registered User
 
Join Date: Nov 2009
Last Activity: 15 October 2014, 4:58 AM EDT
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by DGPickett View Post
And you want different sending domains to relay to different mail servers?
My MTA server dont use local mail distribution, just can relay somes customers. I know all IP source and domain that can use the MTA
They can use the MTA to relay on all destination (yahoo, google, etc ....)

The filter need to be only on incoming MTA with IP/DOMAIN match source

Actually my MTA can filter by IP or by source domain but not at same time to have a good secure filter
Sponsored Links
    #6  
Old 02-20-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 15 October 2014, 5:08 PM EDT
Location: Southern NJ, USA (Nord)
Posts: 4,455
Thanks: 8
Thanked 546 Times in 524 Posts
So, this is just a common outgoing email server to support clients, which must shun spammers.

Reverse lookup can be set up to say any domain, unless it checks with a forward lookup to match.

I guess in postfix you put your IPs in mynetworks and set to restrict: http://www.postfix.org/SMTPD_ACCESS_README.html#lists

From the man page referenced there, how to set mynetworks: http://www.postfix.org/postconf.5.html#mynetworks

Last edited by DGPickett; 02-20-2013 at 01:49 PM..
Sponsored Links
    #7  
Old 02-22-2013
safsound safsound is offline
Registered User
 
Join Date: Nov 2009
Last Activity: 15 October 2014, 4:58 AM EDT
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by DGPickett View Post
So, this is just a common outgoing email server to support clients, which must shun spammers.

Reverse lookup can be set up to say any domain, unless it checks with a forward lookup to match.

I guess in postfix you put your IPs in mynetworks and set to restrict: Postfix SMTP relay and access control

From the man page referenced there, how to set mynetworks: Postfix Configuration Parameters
Thanks but i dont find any example to write the good syntax

example :

10.5.5.10 can send from toto.com on all domain in outgoing
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Replace sendmail with Postfix bpsunadm Solaris 0 07-26-2010 12:24 PM



All times are GMT -4. The time now is 03:55 PM.