Postfix cleanup daemon access control

postfix

Is there any way to control which hosts are permitted to connect to the cleanup daemon over TCP?

Our 'master.cf' contains:

2526      inet  n       -       -       -       0       cleanup

This is necessary because we have a cluster of SMTP servers running custom code, and they can all inject mail to the centralized postfix server via the cleanup daemon.

However, we want to allow only our authorized servers to connect to the cleanup daemon. The current configuration allows any host to connect to port 2526.

Clearly we can use iptables to restrict access, but is there a way to do this within postfix itself?


Solution 1:

As far as I can tell the cleanup daemon does not have any auth controls. You could try to write a non-smtp milter, but the functionality is pretty limited and I'm not sure it would even help.

The better option might be to expose qmqpd instead. It should pipe things directly into cleanup, but allows you to do simple controls. qmqpd_authorized_clients would be the way to handle it there. I'd suspect you'd need to rewrite some code if you go this route.

Related

com.google.android.gms.common.internal.safe parcel.safe parcelable not found
What is the difference between a fluent interface and the Builder pattern?
The component does not have a resource identified by the uri
Acceptable field type and size for email address? [duplicate]
Android Gradle cannot find symbol class Gson
Visual Studio error D8016: '/ZI' and '/Gy' command-line options are incompatible
How to I make private class constants in Ruby
Implementing steps/snapping UISlider
Change the color of iOS Navigation Bar
How to add a favicon to a Next.js static site?
Error MSB3541: Files has invalid value
Why on Xcode 11, UICollectionViewCell changes size as soon as you scroll (I already set size in sizeForItem AtIndexPath:)?