Restrict incoming delivery to whitelist

[agjones]

I have an external service that is acting as MX/SPAM/Virus filter and store /forward when our internet connection is down. I want my postfix rig to only receive delivery from the list of servers that the external service runs.

How do I create a restriction that allows inbound connection only from my list of IPs?

Thanks

 

[jkupski]

You want to use smtpd_client_restrictions. See the example in /etc/postfix/access for more information.

 

[agjones]

Thanks for the tip. I am a total postfix noob. So I don't think the /etc/postfix/access is clearing things up for me! ;->

I did some reading here:

http://www.securityfocus.com/infocus/1593

that helped clarify too.

I don't want any machine in the world to successfully connect for inbound delivery...except:

1.1.1.1 OK
2.2.2.2 OK
3.3.3.3 OK

but how do I say REJECT everythings else

and do I have to do something w/ postmap to make it happen?

Big Thanks.

 

[jkupski]

Yes, you should postmap /etc/postfix/access to generate /etc/postfix/access.db. Main.cf should have a line like the following:

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, reject

This will allow those hosts listed as OK in access.db, while denying everything else.