On 2010-06-04 1:27 PM, Dan Burkland wrote:
> For my Postfix + Postini setup I have the following configuration options
> set:
>
> relayhost = PostiniFQDNGoeshHere
> mynetworks = 127.0.0.0/8, PostiniIPBLockGoesHere
> smtpd_recipient_restrictions =
> permit_mynetworks,permit_sasl_authenticated,reject
>
> -Dan
Ugh, why in the world would you put them in your mynetworks?
Although I use webroot, the concept is identical:
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_client_access cidr:/etc/postfix/allowed_clients.cidr,
check_recipient_access hash:/etc/postfix/x-employees,
check_sender_access hash:/etc/postfix/blocked_senders,
check_sender_access hash:/etc/postfix/nospoof
Where allowed_clients.cidr contains:
# Allowed IP blocks, with subsequent checks. To disallow subsequent
# checks, use permit_auth_destination instead of dunno
#
# webroot netblocks
208.87.136.0/23 dunno
203.100.58.0/24 dunno
194.116.198.0/23 dunno
#
# Reject all clients not matching anything above
#
0.0.0.0/0 reject unauthorized client, please use our MX
--
Best regards,
Charles