- 08-25-2011 #1
How to REJECT/DISCARD mails from a domain BUT NOT subdomain in POSTFIX
(PREFACE: This forum doesn't allow me yet to post the AT symbol, because it thinks I'm posting an email link. So consider that I changed all AT symbols to © to write this post)
I have a CentOS 5.5 w/ Postfix 2.3.3-2.1 in a machine that acts as a Mail Gateway, in the DMZ side of my network.
Let's say for example that my MX domain is "mydomain.com"
In order to avoid SPAM mails that usually come with the domain part of the sender like mydomain from external (e.g. From: foo©mydomain.com To: user.name©domain.com), I put a line in the access_sender file like the following:
mydomain.com DISCARD No mails from external with mydomain name.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, ..... check_sender_access hash:/etc/postfix/access_sender, .....
This worked, but unfortunately it discarded even mails that had From like "someone©certmail.mydomain.com".
Since I wanted them to enter in my network, I changed the access_sender file to read:
©mydomain.com DISCARD No mails from external with mydomain name.
It makes all the mails pass to the internal network (until reaching the mail server in transport), just as if the rule line were not present at all...
If I try to regexp the rule in regexp/pcre:headers_checks file like the following:
/From:.*©mydomain.com/ DISCARD No mails from external with mydomain
So, in other words, I'd like to write down a rule for my mail gateway with postfix that:
- DISCARDs mails from external with From = *©mydomain.com
- ACCEPTs mails from external with From = *©<anysubdom>.mydomain.com
- ACCEPTs mails sent from "mynetworks" to external
Tnx in advance
- 08-26-2011 #2
A couple of thoughts/questions.
With the most recent config, does your main.cf read:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, ..... check_sender_access pcre:headers_checks, .....
Regardless, maybe you could format your regexp like, "/From:.*?@mydomain.com/". (Notice the addition of the question mark.)
- 08-29-2011 #3
I feel you're right: I have the main.cf that reads like this:
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
body_checks = regexp:/etc/postfix/body_checks
.......
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    ----
    check_client_access hash:/etc/postfix/access_client,
    check_helo_access hash:/etc/postfix/access_helo,
    check_sender_access hash:/etc/postfix/access_sender, pcre:/etc/postfix/access_sender_pcre,
    check_recipient_access hash:/etc/postfix/access_recipient,
    .....
    reject_rbl_client sbl.spamhaus.org,
    check_policy_service inet:127.0.0.1:2501,
    permit
On the contrary, header_checks is a standalone check line, so it may block ALL mails, including the ones coming from my users !!! I'm such an idiot, I didn't realize it before ..
Anyway, now I have (partially) solved it this way:
I changed access_sender file to read the following:
....
pec.mydomain.com OK
mydomain.com DISCARD No mail dall'esterno con stesso dominio
....
It is almost what I expected...
Thanks again for your support.
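
Why the access_sender variants in this thread behave the way the posts describe, as an added example that is not part of any post: a simplified Python model of the indexed-table lookup order documented in access(5). The function names and the pec sender address are made up for illustration, and address extensions are left out of the model.

```python
"""Simplified model of check_sender_access on an indexed (hash:) table,
following the lookup order in access(5). Constructed example."""

def lookup_keys(sender, parent_matches_subdomains=True):
    """Keys tried, in order, for one envelope sender address."""
    local, _, domain = sender.lower().rpartition("@")
    keys = [f"{local}@{domain}"]              # 1. full address
    name = domain
    while True:                               # 2. domain, then parent domains
        keys.append(name)
        dot = name.find(".", 1)
        if dot == -1:
            break
        # Default (smtpd_access_maps listed in parent_domain_matches_subdomains):
        # parents are tried as "mydomain.com"; otherwise as ".mydomain.com".
        name = name[dot + 1:] if parent_matches_subdomains else name[dot:]
    keys.append(f"{local}@")                  # 3. localpart@
    return keys

def check_sender(table, sender, **opts):
    """Action of the first key found, or DUNNO if no key is in the table."""
    for key in lookup_keys(sender, **opts):
        if key in table:
            return table[key].split()[0]
    return "DUNNO"

# The access_sender variants from the thread, with © written back as @.
FIRST = {"mydomain.com": "DISCARD No mails from external with mydomain name."}
SECOND = {"@mydomain.com": "DISCARD No mails from external with mydomain name."}
FINAL = {"pec.mydomain.com": "OK", "mydomain.com": "DISCARD same domain from outside"}

SENDERS = ["foo@mydomain.com", "someone@certmail.mydomain.com",
           "someone@pec.mydomain.com"]   # the pec address is constructed

if __name__ == "__main__":
    for label, table in (("first", FIRST), ("second", SECOND), ("final", FINAL)):
        for sender in SENDERS:
            print(f"{label:6} {sender:32} {check_sender(table, sender)}")
    # Same first table, but with smtpd_access_maps taken out of
    # parent_domain_matches_subdomains: the bare domain no longer covers
    # subdomains.
    for sender in SENDERS:
        print(f"strict {sender:32} "
              f"{check_sender(FIRST, sender, parent_matches_subdomains=False)}")
```

check_sender_access looks at the envelope sender (MAIL FROM), not the From: header, and in the restriction lists quoted above it runs after permit_mynetworks, so mail from internal clients is permitted before this table is consulted.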