Backtrack:  
 
by lunarg on September 28th 2011, at 12:23

If you wish to restrict SMTP access via IP addresses or a network range, one way to do it would be via Postfix configuration. You can set up restrictions using a Postfix hash-table or via a cidr file. You can choose one or both methods to perform the restrictions. The end-result will be the same.

Create a hash (postmapped) file

Create a text file with the addresses you would like to reject. You can choose whatever file name you wish. E.g.: /etc/postfix/smtp_client_access

Its content should be something like:

192.168.0.1 REJECT Stop mailing us
192.168.0.2 REJECT Stop mailing us
192.168.1 REJECT Stop mailing us

Next, postmap it by running:

postmap /etc/postfix/smtp_client_access

Then add/edit this in your main.cf:

smtpd_client_restrictions = 
      check_client_access hash:/etc/postfix/smtp_client_access

Create a CIDR file

Similar as a hash file but with slightly different content, and you don't have to postmap it.

192.168.0.1 REJECT Stop mailing us
192.168.0.2 REJECT Stop mailing us
192.168.1.0/24 REJECT Stop mailing us

Add/edit this in your main.cf (if the file was named /etc/postfix/cidr_client_access):

smtpd_client_restrictions = 
     check_client_access cidr:/etc/postfix/cidr_client_access

Using both hash and CIDR

You could also combine the two like so:

smtpd_client_restrictions = 
    check_client_access cidr:/etc/postfix/cidr_client_access, 
    check_client_access hash:/etc/postfix/client_access

Don't forget to reload Postfix

postfix reload

 

 
 
« December 2024»
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
293031    
 
Links
 
Quote
« Most people tend to avoid true conflict. Ironically this breeds more conflict. »