[Postfix] Filter only outbound mail

Hi All,

I search one issue for apply a postfix rule.

I would that postfix send to a server with virus scanner all mails before sending to the internet.

Example:
My customer make a AUTH connect to the postfix SMTP (port 25) after check if the customer have the right user and pass, the SMTP server would send the mail to another server (mail-filter).

I've play with the "smtpd_sender_restrictions" variable and the value "check_client_access cidr:/etc/postfix/antivirus_sortant".

Into the file I've put "0.0.0.0/0 FILTER smtp:[IP.SERVEUR.FILTRAGE]:10024".

The rule work find, all mails are sending to the Filter server, but the problem ... All incoming mail from the network are filter ...
I would just check the mail sending with SMTP login & pass from my customer.

Not the mail receive for example by another smtp server :)

How I can filter only mail coming from a customer ?

Thank all
omnipcxAsked:
Who is Participating?
 
Kerem ERSOYConnect With a Mentor PresidentCommented:
Here's how:

http://www200.pair.com/mecham/spam/bypassing.html

Plese check the section:

2. Use two or more IP addresses to only filter incoming messages (bypass filtering for internal clients)

Cheers,
K.
0
 
Kerem ERSOYPresidentCommented:
Hi,

In fact the idea here is to setup 2 connections one would send the mail directly to internet and be setup at say 20025 and the filtered one in 25.



0
 
omnipcxAuthor Commented:
Hi KeremE,

Thank for your reply.
My problem, I need to use the same ip, because, I move to a new system and it's hard to inform our customer that they need update the profil (ex outlook) with the new server.

I need realy find a issue for explain to postfix if they have a sasl login, they must give the mail to the mail filter server.

Regards,
Damien
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
bevhostCommented:
For the IP address you don;t want scanned, in the file /etc/postfix/antivirus_sortant above the 0.0.0.0/0 entry...
eg

192.168.1.0/24  dunno
0
 
bevhostCommented:
You could use "permit" instead of "dunno".

Permit will allow the message to be accepted immediately without looking at any more rules.
Dunno simply stops any further processing/lookup on this rule. ie this rule returns nothing eg don't know. (not permit, not reject)
0
 
omnipcxAuthor Commented:
Partially solution
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.