Block all but specific IPs

alnet
Posts: 11
Joined: Sat Sep 13, 2014 3:36 am

Block all but specific IPs

Post by alnet »

Hey folks,

my Zimbra is running behind a spam relay that only delivers pre-filtered emails. I do not need the internal av/as capabilities of Zimbra, so I deactivated that. My MX points to the spam relay, of course; my folks drop their mails in the Zimbra appliance.

So I played with
zmprov mcf -zimbraMtaRestriction 'check_client_access lmdb:/opt/zimbra/conf/postfix_blacklist'

and edited the blacklist according to the usual postfix docs. However: If I only want to allow specific IPs but deny all others (no use case) does anyone know how to do this?
axslingr
Outstanding Member
Posts: 256
Joined: Sat Sep 13, 2014 2:20 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18

Re: Block all but specific IPs

Post by axslingr »

Sounds like a job for firewall rules instead of postfix.
alnet
Posts: 11
Joined: Sat Sep 13, 2014 3:36 am

Re: Block all but specific IPs

Post by alnet »

... and just how would you open port 25 for all clients using auth & using port 25 to drop off Emails while closing port 25 for all smtp servers trying to drop emails w/o auth?
Just closing port 25 is easy, keeping access to the remaining clients is the trick.
axslingr
Outstanding Member
Posts: 256
Joined: Sat Sep 13, 2014 2:20 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18

Re: Block all but specific IPs

Post by axslingr »

Use 587 / 465 for client submission (that's what those ports are for) and only allow incoming port 25 from spam relay.
alnet
Posts: 11
Joined: Sat Sep 13, 2014 3:36 am

Re: Block all but specific IPs

Post by alnet »

My admin heart totally agrees. But care to guess how much percent of all those configured clients out there across all devices default to Port 25?
Blocking 25 is not an option.
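Added example (not part of any post in this thread, and not Zimbra's own configuration): a small Python model of how Postfix walks an ordered restriction list, showing why a check_client_access map alone behaves as a blacklist and what a trailing reject plus permit_sasl_authenticated changes for the port 25 case discussed above. The addresses are constructed documentation-range values and all function and variable names are hypothetical.

```python
import ipaddress

# Constructed access(5)-style tables. 192.0.2.10 stands in for the spam relay.
ALLOWLIST = {"192.0.2.10": "OK"}
BLACKLIST = {"203.0.113.5": "REJECT"}


def access_lookup(table, client_ip):
    """IPv4 lookup in an indexed table (hash/lmdb style): try the full
    address, then strip trailing octets (a.b.c, a.b, a). No match -> DUNNO."""
    parts = client_ip.split(".")
    for n in range(len(parts), 0, -1):
        action = table.get(".".join(parts[:n]))
        if action:
            return action.upper()
    return "DUNNO"


def evaluate(restrictions, table, client_ip, sasl_authenticated):
    """Walk the list left to right; the first OK or REJECT decides."""
    ipaddress.IPv4Address(client_ip)  # raises ValueError on malformed input
    for name in restrictions:
        if name == "permit_sasl_authenticated":
            if sasl_authenticated:
                return "OK"
        elif name == "check_client_access":
            result = access_lookup(table, client_ip)
            if result in ("OK", "REJECT"):
                return result  # DUNNO falls through to the next restriction
        elif name == "reject":
            return "REJECT"
    return "OK"  # list ended without a decision: nothing here blocks the client


# Blacklist style: only listed clients are refused, everyone else passes.
BLACKLIST_ONLY = ["check_client_access"]
# Allowlist style: authenticated users and the relay pass, the rest is refused.
RELAY_AND_AUTH = ["permit_sasl_authenticated", "check_client_access", "reject"]

if __name__ == "__main__":
    for ip, auth in [("192.0.2.10", False), ("198.51.100.7", True),
                     ("198.51.100.7", False)]:
        print(ip, "auth" if auth else "no-auth",
              evaluate(RELAY_AND_AUTH, ALLOWLIST, ip, auth))
```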