Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
To allow relay from mail servers i was adding the remote static IPs
to "mynetworks" on postfix main.cf and for the mail shield (mx records from outside)
i added the remote domains to /etc/postfix/transport with the related fqdn of the
final destination. (of course i have security checks, custom ports and other stuff not for your concerns)
everything is working great and smooth,
i just try to understand if it's possible in postfix to bind the
sender domain to the IP is relaying from,
let me explain,
remote mail server ip: 1.1.1.1
sent from domain: @contoso.com
if the remote mail server send an email it goes to the relay server,
postfix check if the sending IP allow relay, and permit this IP to relay,
so far so good, but i want to tell postfix regardless of the allowing relay
to allow not just the remote IP but also the "MAIL FROM:" domain from the envelpoe.
the idea is, if it comes from server ip: 1.1.1.1 and from @contoso.com it will be Allow,
if it comes from server ip: 1.1.1.1 but from @fabrikam.com it will be deny,
i want to deny it at the smtp protocol level, im trying to prevent spambot or
open relay proxy if the remote site will get virus or any trojan.
You can try to create a "header_check" rule file.
In that file you can specify:
/^From: .*@fabrikam\.com/ DISCARD
This way any email coming from that domain would be discarded.
Quote:
Originally Posted by zohman
Hi All,
i have setup Postfix with MailScanner/SA etc.
To allow relay from mail servers i was adding the remote static IPs
to "mynetworks" on postfix main.cf and for the mail shield (mx records from outside)
i added the remote domains to /etc/postfix/transport with the related fqdn of the
final destination. (of course i have security checks, custom ports and other stuff not for your concerns)
everything is working great and smooth,
i just try to understand if it's possible in postfix to bind the
sender domain to the IP is relaying from,
let me explain,
remote mail server ip: 1.1.1.1
sent from domain: @contoso.com
if the remote mail server send an email it goes to the relay server,
postfix check if the sending IP allow relay, and permit this IP to relay,
so far so good, but i want to tell postfix regardless of the allowing relay
to allow not just the remote IP but also the "MAIL FROM:" domain from the envelpoe.
the idea is, if it comes from server ip: 1.1.1.1 and from @contoso.com it will be Allow,
if it comes from server ip: 1.1.1.1 but from @fabrikam.com it will be deny,
i want to deny it at the smtp protocol level, im trying to prevent spambot or
open relay proxy if the remote site will get virus or any trojan.
You can try to create a "header_check" rule file.
In that file you can specify:
/^From: .*@fabrikam\.com/ DISCARD
This way any email coming from that domain would be discarded.
Thanks for the answer,
but i dont see how it match my needs..
first, fabrikam.com is an example, it can be any domain other then the true originating domain (contoso.com for example).
and how exactly i bind the domain to the mail server ip?
and how it deny at the smtp protocol level?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Postfix - securing relaying domains
