[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 483
  • Last Modified:

[Postfix] Filter only outbound mail

Hi All,

I search one issue for apply a postfix rule.

I would that postfix send to a server with virus scanner all mails before sending to the internet.

Example:
My customer make a AUTH connect to the postfix SMTP (port 25) after check if the customer have the right user and pass, the SMTP server would send the mail to another server (mail-filter).

I've play with the "smtpd_sender_restrictions" variable and the value "check_client_access cidr:/etc/postfix/antivirus_sortant".

Into the file I've put "0.0.0.0/0 FILTER smtp:[IP.SERVEUR.FILTRAGE]:10024".

The rule work find, all mails are sending to the Filter server, but the problem ... All incoming mail from the network are filter ...
I would just check the mail sending with SMTP login & pass from my customer.

Not the mail receive for example by another smtp server :)

How I can filter only mail coming from a customer ?

Thank all
0
omnipcx
Asked:
omnipcx
  • 2
  • 2
  • 2
1 Solution
 
Kerem ERSOYPresidentCommented:
Hi,

In fact the idea here is to setup 2 connections one would send the mail directly to internet and be setup at say 20025 and the filtered one in 25.



0
 
Kerem ERSOYPresidentCommented:
Here's how:

http://www200.pair.com/mecham/spam/bypassing.html

Plese check the section:

2. Use two or more IP addresses to only filter incoming messages (bypass filtering for internal clients)

Cheers,
K.
0
 
omnipcxAuthor Commented:
Hi KeremE,

Thank for your reply.
My problem, I need to use the same ip, because, I move to a new system and it's hard to inform our customer that they need update the profil (ex outlook) with the new server.

I need realy find a issue for explain to postfix if they have a sasl login, they must give the mail to the mail filter server.

Regards,
Damien
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
bevhostCommented:
For the IP address you don;t want scanned, in the file /etc/postfix/antivirus_sortant above the 0.0.0.0/0 entry...
eg

192.168.1.0/24  dunno
0
 
bevhostCommented:
You could use "permit" instead of "dunno".

Permit will allow the message to be accepted immediately without looking at any more rules.
Dunno simply stops any further processing/lookup on this rule. ie this rule returns nothing eg don't know. (not permit, not reject)
0
 
omnipcxAuthor Commented:
Partially solution
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now