Bob Proulx wrote > rdquiterio wrote: >> I've been using postfix for several years as a relay but never used it to >> restrict inbound mail, since it is done by an anti-spam appliance. >> >> But now, we need to implement an inbound rule like this: > > If inbound mail is already restricted by an anti-spam appliance then > isn't this going to need to configure the anti-spam appliance for it > and not your Postfix configuration? Because otherwise nothing you do > in Postfix will have any effect. Right? > > The problem is that I cannot implement both conditions on the anti-spam > proxy. I can implement the second condition but not both. So, currently, > the antisspam is allowing any mail to and from my recipients. > > And then if you open up the anti-spam appliance then do you need any > configuration change for Postfix? If the defense was there then > wouldn't adjusting the rules in the anti-spam appliance be enough? > > If you are thinking of removing the anti-spam appliance then setting > up Postfix is almost like a fresh configuration question of how should > you set up the full anti-spam in Postfix, right? > >> 1. Everybody on our domain should be allowed to receive email form a >> specific sender (
> abc@ > ) - i.e. notifications >> 2. A few users should be allowed to receive email from any sender or >> domain. > > I am not really a Postfix expert. I myself come here for help. I am > but a simple and grateful user of Postfix. But if it were me I would > have this following abbreviated configuration. I'll trim it from mine > somewhat and then let the actually knowledgeable folks correct my poor > and feeble attempt at helping. > > Please do not use "abc at xyz.com" as an example email address as that > is a valid domain name! Use example.com when needing an example name. > That way it will not collide with a real live in use valid name. > > In recipient-access file, add your all-spam-to users here: > > abuse@ OK > postmaster@ OK > > In sender-access file, add your approved sending domains: > I do NOT approve of this but it is exactly what you asked for! > > example.com OK > > Use 'postmap' to update the two map files above to db names. > > postmap recipient-access > postmap sender-access > > In main.cf file: > > smtpd_recipient_restrictions = > permit_mynetworks, > reject_unauth_destination, > check_sender_access hash:/etc/postfix/sender-access, > reject_invalid_hostname, > reject_non_fqdn_hostname, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > check_recipient_access hash:/etc/postfix/recipient-access, > reject_rbl_client zen.spamhaus.org > > If you are using /etc/postfix elsewhere such as /usr/local/etc/postfix > then adjust all paths accordingly. > > This does not have all of the configuration I would recommend. But > perhaps the minimum amount that I would tolerate. Perhaps a starting > place at best. > >> It seems to me that it is possible to achieve with smtpd restrictions, >> but I >> cannot figure out how to assemble senders and recipients parameters in >> main.cf. >> >> Any help would be appreciated. >> >> Thanks for your time. > > Hope this helps! > Bob -- Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html