IP ACL’s for smtpd port 25 and not submission


I currently use postscreen on my Postfix version 3.1.0 mail server. I implement IP ACL’s via it to ban malicious connections (generally from xDSL IP blocks), against smtpd running on port 25.

I have recently configured and turned on submission with SASL. With submission available, I don’t want to ban any particular xDSL IP blocks as clients that are travelling around the world may make use of Internet in cafes, hotels, etc. to connect to submission that themselves are xDSL connections.

With postscreen doing the IP ACL work, from what I understand this extends to *both* smtpd and submission smtpd. Is there a way where I can have separate IP ACL lists for smtpd on port 25 and smtpd on submission ? Is this possible via postscreen or is there another way of achieving this ?


- J


Re: IP ACL’s for smtpd port 25 and not submission

By Viktor Dukhovni at 02/10/2018 - 12:01

No, that's wrong. It takes quite a bit of care of enable
"postscreen" on both port 25 and port 587, in the normal
deployment, "postscreen" only filters port 25 connections.

With the premise wrong, the follow-on question is moot.