Filter incoming emails by source IP but depending on destination domains
Hello, I have a server with different domains on it. Some domains should only receive emails from specific IP adresses (SPAM filtering) while other domains should accept emails from all domains. How could I implement this ? I suppose I have to do a hash with the specific IPs, and add this hash as filter for the domains that should be filtered ? Is this correct, and could someone point me to how it should be done ? Thanks a lot in advance, Denis
Re: Filter incoming emails by source IP but depending on destination domains
* Denis BUCHER : > Hello, > > I have a server with different domains on it. Some domains should only > receive emails from specific IP adresses (SPAM filtering) while other > domains should accept emails from all domains. > > How could I implement this ? smtpd_restriction_classes -- Ralf Hildebrandt Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.computerbeschimpfung.de The probability of someone watching you is proportional to the stupidity of your action.
Re: Removing recipient_delimiter when forwarding mail: propagate_unmatched_extensions vs. smtp_generic_maps
On Thu, Apr 9, 2009 at 11:21 PM, Victor Duchovni wrote: > On Thu, Apr 09, 2009 at 11:09:17PM +0200, Daniel Hahler wrote: > >> > propagate_unmatched_extensions = canonical, virtual I was referring to "propagate_unmatched_extensions = canonical" here. >> But that would also include the whole of virtual delivery, no? (e.g. >> to virtual_domains etc > > Yes, of course. When some downstream domains can't handle recipient > extensions, you need to drop the extension for all downstream domains. And I've meant my own virtual_domains handling here: it does not get passed to downstream, but stays on the server (and the extension should not get dropped). >> Don't you think that smtp_generic_maps is a better approach? > > With smtp_generic_maps, you could selectively drop the extension, > provided you have a list of addresses to which the extensions may have > been propagated by upstream virtual rewriting. In this case you would > use identity smtp_generic_maps entries for the unextended addresses to > suppress the extension. That's what I'm doing now - currently for any gmx.* (extended) recipients. Thanks, Daniel -- http://daniel.hahler.de/
Re: Filter incoming emails by source IP but depending on destination domains
Denis BUCHER wrote: Hello, I have a server with different domains on it. Some domains should only receive emails from specific IP adresses (SPAM filtering) while other domains should accept emails from all domains. How could I implement this ? I suppose I have to do a hash with the specific IPs, and add this hash as filter for the domains that should be filtered ? Is this correct, and could someone point me to how it should be done ? Thanks a lot in advance, Denis Here's the documentation on how to do something like this: http://www.postfix.org/RESTRICTION_CLASS_README.html A brief example: #main.cf smtpd_delay_reject = yes (this is the default; required for this example) smtpd_restriction_classes = from_spamfilter_only from_spamfilter_only = check_client_access cidr:/etc/postfix/from_spamfilter.cidr smtpd_client_restrictions = check_recipient_access hash:/etc/postfix/filtered_domains # filtered_domains table # postmap this table after edits! example.com from_spamfilter_only other.example.org from_spamfilter_only # from_spamfilter cidr table # postmap not necessary. 10.1.1.0/27 OK 192.168.100.127 OK # next line rejects any unauthorized clients 0.0.0.0/0 REJECT you must use our MX host -- Noel Jones
Limits for cidr files
Does anybody know what practical limits are for cidr files? Specifically, would there be any problem loading it with something like uceprotect, which currently has around 2M entries? Thanks, Terry
