I did 1 not too long ago, but I can't find the config files I
created. Here it is from memory:
In main.cf, add the following line:
smtpd_client_restrictions = check_client_access
cidr:allowed_clients, permit_mynetworks, permit_sasl_authenticated,
reject
Create a file called allowed_clients in /etc/postfix containing:
64.18.0.0/20 OK
207.126.144.0/20 OK
The IPs above are the ones that Postini uses. You'll want to add
your internal networks to that, as well.
If you adjust the order of that list then you don't need to add your
own internal networks since it would already be implied. The list
should be as follows.
This way you've already allowed your internal networks with
'permit_mynetwork' and you've allowed authenticated users
'permit_sasl_authenticated' before the restriction list comes into play.
Nathan
On Jan 25, 2007, at 8:11 AM, Paul Chernoff wrote:
Now that I have a Mac OS X Server mail server running, I would
like to do some additional settings to match settings that I have
created in EIMS. I haven't found this information in Apple's
manuals, but I would be happy for references to where to find this
information in Postfix or Cyrus documentation.
1) I want to restrict the mail servers that this server will
accept e-mail from. We use Postini to filter our e-mail and I want
to ensure that senders are not bypassing Postini by sending mail
directly to my mail servers IP address. In EIMS I have define what
IP addresses and ranges that can access our SMTP service (this is
not the Relay Security setting).
2) If someone is in my LAN they can use port 25 for sending e-mail
through our server, but if they are not on our LAN they should use
port 587. This is done partly to get around various ISPs who block
port 25.
--
Gino Cerullo
Pixel Point Studios
21 Chesham Drive
Toronto, ON M3M 1W6
