Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 26 November 2024, 07:59:38 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  SMTP Sender/Recipient Access
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: SMTP Sender/Recipient Access  (Read 21331 times)
cmantoot
Jr. Member
*
Offline Offline

Posts: 3


« on: Monday 03 August 2009, 11:34:48 pm »

I've looked through the posts and don't see anything similar, so I'm hoping there are some Postfix gurus out there that can assist.

I have setup Endian as our gateway to primarily filter SPAM from entering our network.  It is properly forwarding messages through to our Exchange server after greylisting and SA functions are performed.

I setup the same whitelist for:
  Proxy...SMTP...blacklist/whitelist...sender_whitelist
  Proxy...SMTP...spam...greylisting - recipient whitelist

I assume these assist in bypassing the greylisting and SA checks, but it appears the sender_whitelist may also be used during the SMTP session:
  smtpd_sender_restrictions =
    check_sender_access btree:/etc/postfix/sender_rules,...

I'd like to do something similar with the recipient access as I want to reject anything other than valid emails on the exchange server behind the firewall.  It doesn't have to be a dynamically read list as we only have a dozen or so email user.

If I read the main.cf correctly, I would modify Proxy...SMTP...blacklist/whitelist...recipient_whitelist
  smtpd_recipient_restrictions =
    check_recipient_access btree:/etc/postfix/recipient_rules,...

What/where would I enter for non-valid email addresses for my domain - basically anything that doesn't exist in the 'whitelist' list.

I have used ClarkConnect for the past year, but recently switched to Endian and absolutely LOVE the interface and detailed configuration allowed.  Looking forward to using some of the features - HTTP Proxy via LDAP Auth with our SBS server
Logged
cmantoot
Jr. Member
*
Offline Offline

Posts: 3


« Reply #1 on: Tuesday 04 August 2009, 10:12:18 pm »

I determined how to do what I'm looking for and thought I'd share the results, for those that might be looking...

1) Add valid recipient addresses to Proxy - SMTP - blacklist/whitelist - recipient whitelist
2) Add yourdomain.com to the SMTP - blacklist/whitelist - recipient blacklist

From what I understand and how the SMTP session is working, the smtpd_recipient_restrictions check_recipient_access btree:/etc/postfix/recipient_rules looks at the whitelist/blacklist you just established in order for a match in the RCPT TO

If there is a match, then it processes against the right side (OK or REJECT)

It does this in order from top down, with 'yourdomain.com' at the bottom

I tested this several ways and see that any non-valid email is being rejected immediately at the gateway (as it should), and valid email addresses get passed through to the next step in the smtpd_recipient_restrictions list.

I was concerned that the messages were just getting forwarded to my internal SMTP server, but I had a  check by sending the GTUBE test (http://spamassassin.apache.org/gtube/) to ensure the message was undergoing the amavis (greylist/SA) functions.

Now I'm onto user/group HTTP access

Great built-in logic and interface Endian!!!!
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com