omnipcx
asked on
[Postfix] Filter only outbound mail
Hi All,
I search one issue for apply a postfix rule.
I would that postfix send to a server with virus scanner all mails before sending to the internet.
Example:
My customer make a AUTH connect to the postfix SMTP (port 25) after check if the customer have the right user and pass, the SMTP server would send the mail to another server (mail-filter).
I've play with the "smtpd_sender_restrictions " variable and the value "check_client_access cidr:/etc/postfix/antiviru s_sortant" .
Into the file I've put "0.0.0.0/0 FILTER smtp:[IP.SERVEUR.FILTRAGE] :10024".
The rule work find, all mails are sending to the Filter server, but the problem ... All incoming mail from the network are filter ...
I would just check the mail sending with SMTP login & pass from my customer.
Not the mail receive for example by another smtp server :)
How I can filter only mail coming from a customer ?
Thank all
I search one issue for apply a postfix rule.
I would that postfix send to a server with virus scanner all mails before sending to the internet.
Example:
My customer make a AUTH connect to the postfix SMTP (port 25) after check if the customer have the right user and pass, the SMTP server would send the mail to another server (mail-filter).
I've play with the "smtpd_sender_restrictions
Into the file I've put "0.0.0.0/0 FILTER smtp:[IP.SERVEUR.FILTRAGE]
The rule work find, all mails are sending to the Filter server, but the problem ... All incoming mail from the network are filter ...
I would just check the mail sending with SMTP login & pass from my customer.
Not the mail receive for example by another smtp server :)
How I can filter only mail coming from a customer ?
Thank all
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi KeremE,
Thank for your reply.
My problem, I need to use the same ip, because, I move to a new system and it's hard to inform our customer that they need update the profil (ex outlook) with the new server.
I need realy find a issue for explain to postfix if they have a sasl login, they must give the mail to the mail filter server.
Regards,
Damien
Thank for your reply.
My problem, I need to use the same ip, because, I move to a new system and it's hard to inform our customer that they need update the profil (ex outlook) with the new server.
I need realy find a issue for explain to postfix if they have a sasl login, they must give the mail to the mail filter server.
Regards,
Damien
For the IP address you don;t want scanned, in the file /etc/postfix/antivirus_sor tant above the 0.0.0.0/0 entry...
eg
192.168.1.0/24 dunno
eg
192.168.1.0/24 dunno
You could use "permit" instead of "dunno".
Permit will allow the message to be accepted immediately without looking at any more rules.
Dunno simply stops any further processing/lookup on this rule. ie this rule returns nothing eg don't know. (not permit, not reject)
Permit will allow the message to be accepted immediately without looking at any more rules.
Dunno simply stops any further processing/lookup on this rule. ie this rule returns nothing eg don't know. (not permit, not reject)
ASKER
Partially solution
In fact the idea here is to setup 2 connections one would send the mail directly to internet and be setup at say 20025 and the filtered one in 25.