| Main Archive Page > Month Archives > postfix-users archives |
Re: Isolating SMTP to a single band of 8 IP's
From: Keith Steensma <keith_at_nospam>Date: Wed Nov 02 2011 - 16:31:35 GMT
To: postfix-users@postfix.org
The original message from the company said 'It's a block of 8 Class C
networks'. I (just) read things wrong. And said (to myself), 'self',
that's 8 ip's, right, right! (Dumb!!) Thanks to all.
Keith
On 11/2/2011 11:00 AM, /dev/rob0 wrote:
> On Wednesday 02 November 2011 10:43:35 Keith Steensma wrote:
>> It's been a long time since I have participated in this list (goes
>> to show how good Postfiix is when it can run for years with so few
>> problems). Our company has decided to start using an outside SPAM
>> filtering service. Overall, this is doing a very good job. But we
>> are getting SPAM directly into out system and I need to block all
>> outside SMTP connections except the connections from a group of 8
>> IP address'.
>>
>> CIDR notation: 199.89.0.0/21
>> Netmask notation: 199.89.0.0 with a netmask of 255.255.248.0
>> Address range: 199.89.0.0 through 199.89.7.255
> That is of course much more than 8 addresses, that is 8 * 256. But no
> matter.
>
>> I tried (from "Getting selective with SMTP access restriction
>> lists" web page)
>>
>> smtpd_recipient_restrictions = permit_mynetworks,
>> reject_unauth_destination
>> mynetworks = 127.0.0.0/8, 192.168.1.0/24, 199.89.0.0/21
>>
>> But that only solved half the problem. Mail is still getting in
>> from from IP's (like from 203.200.235.214 by 125.160.50.143)
>>
>> Can anyone offer a suggestion how to fix this problem the right
>> way?
> main.cf :
>
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination
> check_client_access cidr:/path/to/filter_hosts, reject
>
> /path/to/filter_hosts :
> 199.89.0.0/21 permit_auth_destination
> 0.0.0.0/0 REJECT Please use the MX host
>
> Being a bit slow on the draw this morning I see that Charles has
> suggested fundamentally the same thing, just done differently.