On 8/22/2013 9:57 AM, Stan Hoeppner wrote: > On 8/22/2013 6:51 AM, Charles Marcus wrote: > >> The simple fact is, we do not have any users based *anywhere* but the >> US, so, is what is the simplest way to block any/all non-US based client >> connections on my submission port? > > > Use the us.zone ipdeny file to build a CIDR table to accept any US > client IPs and reject everything else. > > http://ipdeny.com/ipblocks/data/countries/us.zone > > But not now as it's currently broken.
It's fixed now. > Anyway, your solution should be as simple as something like this: > > submission inet n - - - - smtpd > ... > -o smtpd_client_restrictions=check_client_access\ > /etc/postfix/us.cidr, reject After you modify master.cf as above, do ~$ wget http://ipdeny.com/ipblocks/data/countries/us.zone ~$ sed 's/$/ OK/g' us.zone > us.cidr ~$ cp us.cidr /etc/postfix ~$ postfix reload and you're off to the races. -- Stan
