Guys,

Thanx for the comments...

I think the light is starting to dimly glow above my head!  However, if
I add these IP hosts to $mynetworks, wouldn't I then need to create some
type of access map that explicitly denies any sender addresses from the
domains we protect. In other words:

smtpd_sender_restrictions = permit_mynetworks,
hash:/etc/postfix/reject_map

...where <reject_map> contains:

example.com REJECT
example.org REJECT
etc.

If this is true, then I'm on board with your ideas/plan/approach...if
I'm still off base, forgive my apparent (and utter) ignorance!

Thanx for your patience...

Dustin.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary V
Sent: Thursday, March 16, 2006 1:54 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Advanced Rule...

Dustin wrote:

> This would be true if our server was directly attached to or hosted
all
> the mailboxes for the protected domains...we, however, are only using
> this solution as a gateway for incoming mail for all the domains we
> protect...which postfix then forwards (after filtering, etc.) to the
> 'real' mail host for the particular domain...

> As a result, settings regarding $mynetworks really won't help in this
> situation...unless I am missing something (large!)...

I think you could place the IP addresses of the (outgoing) mail servers
for which you relay mail in mynetworks to solve the 'mynetworks'
problem.

For the example.com domain you relay to host mail.example.com.
The users at example.com send mail out through host smtp.example.com.
Place the IP address of smtp.example.com in mynetworks. That way if
someone at example.com creates an email to example.org (also one of
your domains), it will not be rejected. If someone from a different
network claims to be sending from example.com, they will be rejected.
Once again, this breaks forwarding (which probably cannot be avoided
no matter which method you use) and requires that people claiming to
be from one of your domains actually uses servers listed in mynetworks
for their outgoing mail.

Gary V



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting
language
that extends applications into web and mobile media. Attend the live
webcast
and join the prime developer group breaking into this new coding
territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to