EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: cmantoot on Monday 03 August 2009, 11:34:48 pm



Title: SMTP Sender/Recipient Access
Post by: cmantoot on Monday 03 August 2009, 11:34:48 pm
I've looked through the posts and don't see anything similar, so I'm hoping there are some Postfix gurus out there that can assist.

I have setup Endian as our gateway to primarily filter SPAM from entering our network.  It is properly forwarding messages through to our Exchange server after greylisting and SA functions are performed.

I setup the same whitelist for:
  Proxy...SMTP...blacklist/whitelist...sender_whitelist
  Proxy...SMTP...spam...greylisting - recipient whitelist

I assume these assist in bypassing the greylisting and SA checks, but it appears the sender_whitelist may also be used during the SMTP session:
  smtpd_sender_restrictions =
    check_sender_access btree:/etc/postfix/sender_rules,...

I'd like to do something similar with the recipient access as I want to reject anything other than valid emails on the exchange server behind the firewall.  It doesn't have to be a dynamically read list as we only have a dozen or so email user.

If I read the main.cf correctly, I would modify Proxy...SMTP...blacklist/whitelist...recipient_whitelist
  smtpd_recipient_restrictions =
    check_recipient_access btree:/etc/postfix/recipient_rules,...

What/where would I enter for non-valid email addresses for my domain - basically anything that doesn't exist in the 'whitelist' list.

I have used ClarkConnect for the past year, but recently switched to Endian and absolutely LOVE the interface and detailed configuration allowed.  Looking forward to using some of the features - HTTP Proxy via LDAP Auth with our SBS server


Title: Re: SMTP Sender/Recipient Access
Post by: cmantoot on Tuesday 04 August 2009, 10:12:18 pm
I determined how to do what I'm looking for and thought I'd share the results, for those that might be looking...

1) Add valid recipient addresses to Proxy - SMTP - blacklist/whitelist - recipient whitelist
2) Add yourdomain.com to the SMTP - blacklist/whitelist - recipient blacklist

From what I understand and how the SMTP session is working, the smtpd_recipient_restrictions check_recipient_access btree:/etc/postfix/recipient_rules looks at the whitelist/blacklist you just established in order for a match in the RCPT TO

If there is a match, then it processes against the right side (OK or REJECT)

It does this in order from top down, with 'yourdomain.com' at the bottom

I tested this several ways and see that any non-valid email is being rejected immediately at the gateway (as it should), and valid email addresses get passed through to the next step in the smtpd_recipient_restrictions list.

I was concerned that the messages were just getting forwarded to my internal SMTP server, but I had a  check by sending the GTUBE test (http://spamassassin.apache.org/gtube/) to ensure the message was undergoing the amavis (greylist/SA) functions.

Now I'm onto user/group HTTP access

Great built-in logic and interface Endian!!!!