#1
Angelito, 23rd February 2009, 00:58

smtpd_sender_restrictions vs smtpd_recipient_restrictions vs smtpd_client_restrictions

I want to reject mail from spam sources aimed at my domains (local delivery) specified in:
Code:
virtual_mailbox_domains = example2.com, example3.net
All mail with a destination to example2.com and example3.net is delivered locally.

If any of the users in example2.com and/or example3.net want to use Postfix to relay mail (e.g. to Hotmail or Yahoo Mail), they will have to authenticate first (SASL); if authentication is successful, they are granted permission to relay mail.

Now, as I said first, I want to reject mail aimed at example2.com and/or example3.net from spam sources. (I know there could be other methods, but this thread is about smtpd_sender_restrictions vs smtpd_recipient_restrictions vs smtpd_client_restrictions.)

I have seen some settings that indicate setting smtpd_recipient_restrictions to block spam sources (http://www.howtoforge.com/block_spam..._level_postfix):
Code:
smtpd_recipient_restrictions =
            reject_invalid_hostname,
            reject_unknown_recipient_domain,
            reject_unauth_pipelining,
            permit_mynetworks,
            permit_sasl_authenticated,
            reject_unauth_destination,
            reject_rbl_client multi.uribl.com,
            reject_rbl_client dsn.rfc-ignorant.org,
            reject_rbl_client dul.dnsbl.sorbs.net,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client sbl-xbl.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client dnsbl.sorbs.net,
            reject_rbl_client cbl.abuseat.org,
            reject_rbl_client ix.dnsbl.manitu.net,
            reject_rbl_client combined.rbl.msrbl.net,
            reject_rbl_client rabl.nuclearelephant.com,
            permit
But for my goal, shouldn't I use smtpd_sender_restrictions (http://www.postfix.org/postconf.5.ht...r_restrictions) or smtpd_client_restrictions (http://www.postfix.org/postconf.5.ht...t_restrictions)?

smtpd_sender_restrictions, as stated on the Postfix website, filters mail based on the MAIL FROM command. This command is easily faked by telnetting to an open relay and typing in this command, therefore mail could be sent with a valid MAIL FROM address; for this reason smtpd_sender_restrictions does not seem to be my solution.

The only option left in my hypothesis is to use smtpd_client_restrictions, which to my understanding checks the hostname or IP address of the smtpd client (the other MTA/SMTP connecting to my local smtpd (Postfix)) in a blacklist; if listed, mail is denied.

Am I correct here?

NaCo

#2
mangueJOE, 17th March 2010, 21:21

Yes sir. You are correct. Take a look at this page: http://www.postfix.org/SMTPD_ACCESS_README.html

It explains all the smtpd access control types and why people tend to ignore all of them and use smtpd_recipient_restrictions only. It also explains possible problems you get by doing this.
__________________
Fedora / Debian / Ubuntu
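
The placement question in this thread, as an added example (not from either poster and not Postfix code): a simplified Python model of how the restriction lists are walked, assuming the default smtpd_delay_reject = yes so that every list is evaluated at RCPT TO. The DNSBL zone name, IP addresses and the listed set are constructed, and only four restrictions and two lists are modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data: documentation IP ranges, domains from the thread.
MYNETWORKS = [ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example2.com", "example3.net"}  # virtual_mailbox_domains
DNSBL_LISTED = {"203.0.113.7", "198.51.100.20"}   # stands in for a DNSBL lookup
CLIENT, RCPT = "smtpd_client_restrictions", "smtpd_recipient_restrictions"

@dataclass
class Session:
    client_ip: str
    rcpt_domain: str
    sasl_user: str = ""  # empty string means not authenticated

def check(restriction, s):
    """Return 'PERMIT', 'REJECT' or None (no decision) for one restriction."""
    name = restriction.split()[0]
    if name == "permit_mynetworks":
        return "PERMIT" if any(ip_address(s.client_ip) in n for n in MYNETWORKS) else None
    if name == "permit_sasl_authenticated":
        return "PERMIT" if s.sasl_user else None
    if name == "reject_unauth_destination":
        return None if s.rcpt_domain in LOCAL_DOMAINS else "REJECT"
    if name == "reject_rbl_client":  # tests the client IP in whichever list it sits
        return "REJECT" if s.client_ip in DNSBL_LISTED else None
    raise ValueError(f"restriction not modelled: {name}")

def evaluate(config, s):
    """Walk the lists in order: REJECT is final, PERMIT only ends the current list."""
    for param in (CLIENT, RCPT):
        for restriction in config.get(param, []):
            verdict = check(restriction, s)
            if verdict == "REJECT":
                return f"REJECT: {restriction} ({param})"
            if verdict == "PERMIT":
                break
    return "ACCEPT"

RBL = "reject_rbl_client dnsbl.example.invalid"  # hypothetical zone name
RELAY = ["permit_mynetworks", "permit_sasl_authenticated", "reject_unauth_destination"]
CONFIGS = {"recipient-only": {RCPT: RELAY + [RBL]},
           "client-bare": {CLIENT: [RBL], RCPT: RELAY},
           "client-exempt": {CLIENT: RELAY[:2] + [RBL], RCPT: RELAY}}

spammer = Session("203.0.113.7", "example2.com")                       # listed, no auth
roaming = Session("198.51.100.20", "hotmail.com", "user@example2.com")  # listed, SASL ok
for label, cfg in CONFIGS.items():
    print(f"{label:15} spammer={evaluate(cfg, spammer)!r} roaming={evaluate(cfg, roaming)!r}")
```

All three placements reject the listed, unauthenticated client. They differ only for the authenticated user on a listed address, who is rejected when the DNSBL check sits alone in the client list and accepted when permit_sasl_authenticated precedes it.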