Dear List,
        Using E2B with Extended Scripts, I have an email server sitting in a 
private address DMZ (172.20.x.x) with two internal networks 
(192.168.x.y). Connections from the internal network to an SMTP server 
in the DMZ are masqueraded so they look like connections from the 
firewall address on the 172.20. network. The SMTP server is also port 
forwarded from the outside world for mail delivery etc.

In trying to lock down the server against being an unsecured relay, 
Postfix offers a few options for clients wishing to send email. One is 
to only allow clients from given networks or domains to send, another to 
only allow sending to a limited range of domains. :-(

As far as I can see, all traffic to the server (from internal or 
external hosts) appears to come from the 172.20. network so I can't 
use this to discriminate against external senders (networks or domains).

Restricting the destination domains is likewise not an option.

Short of SMTP authorisation, what is the best/normal way to tackle this 
either on the firewall or email server?

Is it possible/sensible to not masquerade this traffic from the internal 
networks to the SMTP port and block outside users from sending in this 
way? Are NOMASQ_DEST_BYPASS or NOMASQ_DEST of interest here? Seem to be 
oriented towards a different problem.

Any suggestions?

Thanks and regards,

   matt


_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
