On 22/07/2014 8:58, Jonas Wielicki wrote:
> On 22.07.2014 08:17, Nicolás wrote:
>> Having this configuration, anyone using my mail server as the relayhost
>> is able to send mails to the domains that I handle (not outside), even
>> without SASL. I guess that behavior is determined by
>> 'defer_unauth_destination', however, my aim is to specifically allow
>> certain IPs to use my mail server as relayhost, otherwise reject the
>> requests.
>>
>> I tried putting a 'reject' line after 'defer_unauth_destination' and
>> although it seemed to achieve the desired effect, this would block any
>> incoming e-mails from any sender, logically.
>>
>> So, here goes the question: Is there a way to only whitelist certain IPs
>> to use this server as the relayhost and reject anyone else but without
>> affecting incoming e-mails?
>
> Sorry, I’m failing to understand what you want exactly.
>
> When you say “allow certain IPs to use my mail server as relayhost,
> otherwise reject the request”, does that include rejecting to relay to
> your *own* domains?
>
> If so, what do you mean by “incoming e-mails”?
>
> If not, permit_mynetworks might indeed be what you’re looking for.
>
> regards,
> jwi

The final goal is to handle who can send e-mails through my server as
relayhost. At this moment, anyone configuring their Postfix with my mail
server as the relayhost could send e-mails to any address that I handle
(i.e., my domains). By "incoming e-mails" I mean that if I end the
smtpd_relay_restrictions with "reject", *any* incoming e-mail from
*anywhere* to any address that I handle is rejected with "access denied".
The mynetworks solution would work for static IPs, but I realized I have
clients with dynamic IPs. Would it be possible to allow *only* sending
mails through my host as relayhost for the SASL authenticated users, but
without rejecting the above mentioned incoming messages?
Thanks.
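
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified Python model of how an smtpd_relay_restrictions list is evaluated (first decisive result wins), run with and without the trailing 'reject'. The restriction order, the IP ranges, the domain names and the user name are constructed assumptions, since the poster's actual configuration is not shown. In this model an outside server delivering to a local domain and a host that configured this server as its relayhost to reach the same domain are the same case, which is why 'reject' blocks both.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"example.org"}  # domains this server accepts mail for

def check(name, client_ip, sasl_user, rcpt_domain):
    """Return 'permit', 'reject', 'defer', or None (no decision, try next)."""
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(client_ip)
        return "permit" if any(ip in net for net in MYNETWORKS) else None
    if name == "permit_sasl_authenticated":
        return "permit" if sasl_user else None
    if name == "defer_unauth_destination":
        # No decision for our own domains; 4xx for everything else.
        return None if rcpt_domain in LOCAL_DOMAINS else "defer"
    if name == "reject":
        return "reject"
    raise ValueError(f"restriction not modelled: {name}")

def evaluate(restrictions, client_ip, sasl_user, rcpt_domain):
    """First decisive result wins; reaching the end of the list is not a reject."""
    for name in restrictions:
        result = check(name, client_ip, sasl_user, rcpt_domain)
        if result is not None:
            return result
    return "permit"

# Assumed restriction order for illustration.
BASE = ["permit_mynetworks", "permit_sasl_authenticated",
        "defer_unauth_destination"]
WITH_REJECT = BASE + ["reject"]

def scenarios(restrictions):
    """Verdict per client type: (client IP, SASL login or None, RCPT domain)."""
    cases = {
        "outside server -> local domain": ("198.51.100.7", None, "example.org"),
        "outside server -> foreign domain": ("198.51.100.7", None, "example.net"),
        "dynamic-IP SASL user -> foreign domain": ("203.0.113.50", "alice", "example.net"),
        "mynetworks client -> foreign domain": ("192.0.2.10", None, "example.net"),
    }
    return {who: evaluate(restrictions, *args) for who, args in cases.items()}

if __name__ == "__main__":
    for label, rules in (("base", BASE), ("with trailing reject", WITH_REJECT)):
        print(label)
        for who, verdict in scenarios(rules).items():
            print(f"  {who}: {verdict}")
```

The SASL-authenticated client on a dynamic IP is permitted in both lists because permit_sasl_authenticated decides before the destination check or 'reject' is reached.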