[TriLUG] simple mail filter. best option?
Cristobal Palmer
cristobalpalmer at gmail.com
Mon Jul 24 17:27:15 EDT 2006
Looking at smtpd_sender_restrictions led me to the ACCESS(5) manpage,
which in turn led me (back) to REGEXP_TABLE(5).
Do I retain the advantages you described if I use regexp or pcre (I
see postfix-pcre is a package in the distro we're using) instead of
'smtpd_sender_restrictions = hash:/etc/postfix/access,
reject_unknown_sender_domain' in /etc/postfix/man.cf?
Thanks,
CMP
On 7/23/06, Aaron S. Joyner <aaron at joyner.ws> wrote:
> Cristobal Palmer wrote:
>
> > I have a site, bar.com, that will be receiving mail from clients such
> > as foo and baz who have their own domains, foo.com and baz.com.
> >
> > I want to set things up such that mail to foo at bar.com only gets
> > through if it came from *@foo.com, likewise mail to baz at bar.com should
> > be dropped if it didn't come from *@baz.com.
> >
> > What's the _best_ way to do this if I'm using postfix? Something
> > directly in postfix? Procmail?
> >
> > TIA,
> > CMP
> >
> Check out smtpd_sender_restrictions, you'll probably want to add a
> check_sender_access table like this:
> smtpd_sender_restrictions = check_sender_access
> hash:/etc/postfix/incoming-domains
>
> which points to a file with entries like these:
> foo.com ok
> baz.com ok
>
> You'll also need to makemap hash /etc/postfix/incoming-domains to create
> /etc/postfix/incoming-domains.db for the above example to be acceptably
> fast (I think it'll work if you don't, just at a great performance peril).
>
> More details can be found in the postfix documentation, here:
> http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions
>
> You'll probably want to do some other smtpd_sender_restrictions, and if
> you've already got several of them add the one above in the style of the
> others. Rejecting based on the MX might not be a bad idea either, as
> it'll cut down on spoofing at the expense of a dns lookup for every
> connection. If you can afford to do that depends on how likely someone
> is to spoof mail to you maliciously, and what volumes of mail you're
> talking about.
>
> Please post back if you have further questions,
> Aaron S. Joyner
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
--
Cristobal M. Palmer
UNC-CH SILS Student
TriLUG Vice Chair
cristobalpalmer at gmail.com
cmpalmer at ils.unc.edu
ils.unc.edu/~cmpalmer
"Television-free since 2003"
<tarheelcoxn> iank has trouble with English. his native language is Python
<iank> Yeah
<iank> I'm forced
<iank> To indent
<iank> My sentences
More information about the TriLUG
mailing list