DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Ports and Packages

FreeBSD Ports and Packages Installation and upgrading of ports and packages on FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 9th February 2009
biscuits biscuits is offline
Port Guard
 
Join Date: Oct 2008
Posts: 10
Thanked 0 Times in 0 Posts
Default Postfix: Block CIDR w/ whitelist??

Trying in vain here to block a cidr address range, and yet whitelist certain email addresses on postfix on freebsd 7 ... any tips would be greatly appreciated... postfix just keeps blocking my CIDR and ignoring my whitelist ...

main.cf:

Code:
# STOP UCE AND SPAM

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_sender_access hash:/usr/local/etc/postfix/maps/sender_access,
    reject_invalid_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    #reject_rhsbl_client blackhole.securitysage.com,
    #reject_rbl_client relays.ordb.org,
    reject_rbl_client blackholes.easynet.nl,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client proxies.blackholes.wirehub.net,
    #reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client dnsbl.njabl.org,
    #reject_rbl_client list.dsbl.org,
    reject_rbl_client multihop.dsbl.org,
    #reject_rbl_client t1.dnsbl.net.au,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client blackholes.mail-abuse.org,
    reject_rbl_client relays.mail-abuse.org,
    #reject_rbl_client list.dsbl.org,
    reject_rbl_client multihop.dsbl.org,
    #reject_rhsbl_client relays.ordb.org,
    reject_rhsbl_client dnsbl.njabl.org,
    reject_rhsbl_client blackholes.mail-abuse.org,
    reject_rhsbl_client relays.mail-abuse.org,
    #reject_rhsbl_client list.dsbl.org,
    reject_rhsbl_client multihop.dsbl.org,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

header_checks = regexp:/usr/local/etc/postfix/maps/header_checks
body_checks =   regexp:/usr/local/etc/postfix/maps/body_checks

smtpd_client_restrictions = check_client_access cidr:/usr/local/etc/postfix/maps/ip.cidr
sender_access :
Code:
#always POSTMAP sender_access when done

iinet.net.au    OK
ip.cidr :
Code:
61.9.0.0/16            REJECT (Err.cidr0) Temporary rejection - IT guys are testing ... retry in a minute ...
Reply With Quote
  #2   (View Single Post)  
Old 9th February 2009
biscuits biscuits is offline
Port Guard
 
Join Date: Oct 2008
Posts: 10
Thanked 0 Times in 0 Posts
Default

Nevermind, I think I got it sorted: main.cf got editted to this:

Code:
smtpd_client_restrictions =
        check_sender_access hash:/usr/local/etc/postfix/maps/sender_access,
        check_client_access cidr:/usr/local/etc/postfix/maps/ip.cidr,
        permit
Thanks anyway!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
block spam milo974 OpenBSD Security 1 26th May 2009 11:30 AM
New tool on the block - scrypt s0xxx FreeBSD Security 2 21st May 2009 07:48 AM
testing pf block all rules with Nmap. bsdnewbie999 OpenBSD General 1 25th March 2009 11:55 AM
Automaticaly block IPs with PF DNAeon FreeBSD Installation and Upgrading 7 20th February 2009 02:06 AM
BSD n00b needs to block incoming SQL on 3306 renolinux FreeBSD Security 5 27th May 2008 02:26 PM


All times are GMT. The time now is 05:46 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick