From: mouss on
Josh Cason wrote:
> Thank you for the help. Let me clear up a few things. First of all they
> are talking to my e-mail server but the servers we are monitoring are the
> customers' servers. These servers have one static ip from qwest. We have
> no control over that and have not asked qwest to fix the wrong dns
> issue. I have tried a few dns servers and they all come back with the
> wrong answer. So to make my life easy, I'm going ahead and trying the
> client_whitelist.cidr with just the three ip numbers of the three
> servers on the outside of my network since they are static. The only
> other thing I was able to track down is when we moved one server from
> one dsl provider to qwest. That is when that one server stopped working.
>

That's because qwest doesn't set a reverse DNS for the IPs in question.
Whatever you do, this won't help these servers send mail to others...

You can remove the rules that reject them, but then you won't stop as
much junk as you do now. This is a site policy matter, so I won't go
further...

> I also want to know if client_whitelist would work for another issue I'm
> having with postini and postfix. I would like to tell my servers that
> e-mail coming in from postini's mail server ip numbers is not to be routed,
> except for mail going to the domains I host. It should do this
> anyway but I read of a problem with postini that allows mail to come in
> and re-route like an open relay.
>

There would be an open relay risk if postini IPs were added to
mynetwork. Don't do that. Use the check_client_access suggested in my
previous post. This check comes after reject_unauth_destination (which
stops open relay).
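
The ordering described in the reply above, written out as a Postfix configuration. This is an added example, not part of the original thread or the earlier post it refers to. The file path, the addresses (documentation ranges used as placeholders) and the choice of reverse-DNS rule are assumptions.

```cfg
# ---- /etc/postfix/main.cf (added example; path and addresses are assumptions) ----

# Not this: every address in mynetworks matches permit_mynetworks below,
# which is evaluated before the relay check, so those clients can send
# to any destination through this server.
#mynetworks = 127.0.0.0/8, 198.51.100.0/24

# Keep mynetworks limited to hosts that are meant to relay.
mynetworks = 127.0.0.0/8

# Restrictions are evaluated left to right; the first match decides.
#  1. permit_mynetworks          trusted hosts only
#  2. reject_unauth_destination  rejects mail for domains this server does
#                                not host or relay for (stops open relay)
#  3. check_client_access        an OK here skips only the checks after it,
#                                and only for mail that already passed step 2
#  4. reject_unknown_reverse_client_hostname
#                                assumed to be the rule that rejects clients
#                                without reverse DNS; use the rule your site has
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access cidr:/etc/postfix/client_whitelist.cidr,
    reject_unknown_reverse_client_hostname

# An OK in this list does not override a reject issued from another list
# (smtpd_client_restrictions, smtpd_helo_restrictions, ...). This example
# assumes the rejecting rule is in smtpd_recipient_restrictions.

# ---- /etc/postfix/client_whitelist.cidr (placeholder addresses) ----
# Format: network/prefix  action. cidr: tables are plain text, no postmap run.

# The three monitored customer servers with static IPs (placeholders):
192.0.2.10/32      OK
192.0.2.11/32      OK
192.0.2.12/32      OK

# Filtering service range (placeholder); whitelisted here, never in mynetworks:
198.51.100.0/24    OK
```

A lookup can be checked without sending mail with `postmap -q 192.0.2.10 cidr:/etc/postfix/client_whitelist.cidr`, which prints the action for a matching address.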