Hello,
Based on the following information in the wiki regarding New Features in ZCS_8.5 and especially the section about the ability to blacklist specific IP addresses, i would like to do this but based on ip ranges in CIDR format.
I read that for instance this works in postfix using the following:
smtpd_client_restrictions =
check_client_access cidr:/etc/postfix/cidr_client_access
and having in the file the following format:
192.168.1.0/24 REJECT
Is this supported in Zimbra 8.5 or 8.6 ?
Thanks in advance.
Block ip ranges in postfix
-
- Advanced member
- Posts: 183
- Joined: Fri Apr 25, 2014 12:42 pm
Block ip ranges in postfix
Hi,
I think that CIDR is supported since it is included in Postfix since its version 2.1. To confirm run 'postconf -m' and the cidr should be in the results.
Source: http://www.postfix.org/cidr_table.5.html
I think that CIDR is supported since it is included in Postfix since its version 2.1. To confirm run 'postconf -m' and the cidr should be in the results.
Source: http://www.postfix.org/cidr_table.5.html
Block ip ranges in postfix
Hi Fabio,
Thanks this is indeed available so I used CIDR for my list of ip ranges to reject.
Kind regards,
Manuel
Thanks this is indeed available so I used CIDR for my list of ip ranges to reject.
Kind regards,
Manuel
-
- Advanced member
- Posts: 183
- Joined: Fri Apr 25, 2014 12:42 pm
Block ip ranges in postfix
Hi Manuel,
I'm glad that it helped you.
I'm glad that it helped you.
Block ip ranges in postfix
Hi,
so just for the records to document what I did:
creation of the cidr file to reject ip ranges:
nano /opt/zimbra/conf/postfix_blacklist_cidr
the content if formatted the following way:
A.B.C.D/xx REJECT
postmap the file:
postmap /opt/zimbra/conf/postfix_blacklist_cid
edit the smtpd_recipient_restrictions.cf file
nano /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
add the following on second line:
%%contains VAR:zimbraMtaRestriction check_client_access cidr:/opt/zimbra/conf/postfix_blacklist_cidr%%
add the following the the configuragation:
zmprov mcf +zimbraMtaRestriction 'check_client_access cidr:/opt/zimbra/conf/postfix_blacklist_cidr'
restarts your server:
zmcontrol restart
you should now be able to see rejected ips like:
NOQUEUE: reject: RCPT from xxxxxx[A:B:C:D]: 554 5.7.1 <xxxxxxxxx[A:B:C:D]>: Client host rejected: Access denied; from=<sender@domain.com> to=<recepient@domain.com> proto=ESMTP helo=<sender_hostname>
Enjoy
so just for the records to document what I did:
creation of the cidr file to reject ip ranges:
nano /opt/zimbra/conf/postfix_blacklist_cidr
the content if formatted the following way:
A.B.C.D/xx REJECT
postmap the file:
postmap /opt/zimbra/conf/postfix_blacklist_cid
edit the smtpd_recipient_restrictions.cf file
nano /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
add the following on second line:
%%contains VAR:zimbraMtaRestriction check_client_access cidr:/opt/zimbra/conf/postfix_blacklist_cidr%%
add the following the the configuragation:
zmprov mcf +zimbraMtaRestriction 'check_client_access cidr:/opt/zimbra/conf/postfix_blacklist_cidr'
restarts your server:
zmcontrol restart
you should now be able to see rejected ips like:
NOQUEUE: reject: RCPT from xxxxxx[A:B:C:D]: 554 5.7.1 <xxxxxxxxx[A:B:C:D]>: Client host rejected: Access denied; from=<sender@domain.com> to=<recepient@domain.com> proto=ESMTP helo=<sender_hostname>
Enjoy
Re: Block ip ranges in postfix
Works. Thx.manu67a wrote:Hi,
so just for the records to document what I did:
creation of the cidr file to reject ip ranges:
nano /opt/zimbra/conf/postfix_blacklist_cidr
the content if formatted the following way:
A.B.C.D/xx REJECT
postmap the file:
postmap /opt/zimbra/conf/postfix_blacklist_cid
edit the smtpd_recipient_restrictions.cf file
nano /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf
add the following on second line:
%%contains VAR:zimbraMtaRestriction check_client_access cidr:/opt/zimbra/conf/postfix_blacklist_cidr%%
add the following the the configuragation:
zmprov mcf +zimbraMtaRestriction 'check_client_access cidr:/opt/zimbra/conf/postfix_blacklist_cidr'
restarts your server:
zmcontrol restart
you should now be able to see rejected ips like:
NOQUEUE: reject: RCPT from xxxxxx[A:B:C:D]: 554 5.7.1 <xxxxxxxxx[A:B:C:D]>: Client host rejected: Access denied; from=<sender@domain.com> to=<recepient@domain.com> proto=ESMTP helo=<sender_hostname>
Enjoy