Re: Force mail to go through primary MX
Andrew Hodgson wrote: Hi, I am running Postfix on Ubuntu 9.04. I have a primary MX server which does antispam/av etc, and the Postfix system which is receiving the messages for the mailing lists etc. I want to stop people from sending directly to the Postfix server, and only allow connections to the relevant domains from the primary MX servers. Is this possible? Thanks. Andrew. Use a check_client_access map to control what IPs can send mail to your server. # main.cf smtpd_client_restrictions = check_client_access cidr:/etc/postfix/allowed_clients # reject all unlisted clients reject # allowed_clients 192.168.3.0/24 OK 192.0.2.12 OK ... -- Noel Jones
Re: Force mail to go through primary MX
Noel Jones wrote: Use a check_client_access map to control what IPs can send mail to your server. # main.cf smtpd_client_restrictions = check_client_access cidr:/etc/postfix/allowed_clients # reject all unlisted clients reject Andrew, is your server listed as a secondary MX for the domains in question? If your server is listed as a MX host officially in DNS, you should IMHO not use plain reject there, but rather a 4** error message to make sure that clients connect to the primary MX instead. As far as I can tell, reject would force the clients to give up on that message completely and bounce it to the sender. Hope this helps, wolfgang
RE: Force mail to go through primary MX
Wolfgang Zeikat wrote: Noel Jones wrote: Use a check_client_access map to control what IPs can send mail to your server. [...] Andrew, is your server listed as a secondary MX for the domains in question? No, the primary MX server is the only server listed in the MX table. However, it may be possible that I want to host some other domains on the server, which the server would be primary MX for at some point, but I will probably use the solution posted here in the short-term at least. Thanks. Andrew.
RE: Force mail to go through primary MX
Noel Jones wrote: Andrew Hodgson wrote: Hi, I am running Postfix on Ubuntu 9.04. I have a primary MX server which does antispam/av etc, and the Postfix system which is receiving the messages for the mailing lists etc. I want to stop people from sending directly to the Postfix server, and only allow connections to the relevant domains from the primary MX servers. Use a check_client_access map to control what IPs can send mail to your server. # main.cf smtpd_client_restrictions = check_client_access cidr:/etc/postfix/allowed_clients # reject all unlisted clients reject Thanks, that worked for me in the end, though I added in a permit_mynetworks statement to allow the Mailman to relay through the server from localhost. All tested ok, Andrew.
