IP ACL’s for smtpd port 25 and not submission

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

IP ACL’s for smtpd port 25 and not submission

J Doe
Hi,

I currently use postscreen on my Postfix version 3.1.0 mail server.  I implement IP ACL’s via it to ban malicious connections (generally from xDSL IP blocks), against smtpd running on port 25.

I have recently configured and turned on submission with SASL.  With submission available, I don’t want to ban any particular xDSL IP blocks as clients that are travelling around the world may make use of Internet in cafes, hotels, etc. to connect to submission that themselves are xDSL connections.

With postscreen doing the IP ACL work, from what I understand this extends to *both* smtpd and submission smtpd.  Is there a way where I can have separate IP ACL lists for smtpd on port 25 and smtpd on submission ?  Is this possible via postscreen or is there another way of achieving this ?

Thanks,

- J
Reply | Threaded
Open this post in threaded view
|

Re: IP ACL’s for smtpd port 25 and not submission

Viktor Dukhovni


> On Feb 10, 2018, at 11:17 AM, J Doe <[hidden email]> wrote:
>
> With postscreen doing the IP ACL work, from what I understand
> this extends to *both* smtpd and submission smtpd.

No, that's wrong.  It takes quite a bit of care of enable
"postscreen" on both port 25 and port 587, in the normal
deployment, "postscreen" only filters port 25 connections.

With the premise wrong, the follow-on question is moot.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

=?UTF-7?Q?Re=3A_IP_ACL+IBk-s_for_smtpd_port_25_and_not_submission?=

Wietse Venema
In reply to this post by J Doe
I'm pretty sure that postscreen documentation says don't use
postscreen for mail user agents (i.e. submission or smtps).

        Wietse