SMTP from specific IP range OR any IP with AUTH

Discussion in 'Server Operation' started by DrJohn, Nov 16, 2007.

  1. DrJohn

    DrJohn Member

    Gutsy Gibbon Server, Postfix 2.4.5, MySQL 5.0.45, Shorewall 3.4.4.

    I use McAfee's email filtering service to funnel email into an smtp server that sits directly on the net. It accepts smtp from either a fixed ip range ( that corresponds to the McAfee servers' source addresses and authenticates them as 'guest' with appropriately limited privileges; or it accepts from any ip address authenticated users (NTLM & TLS; its a Windows system) with higher privileges.

    I'm switching over to Linux, using a virtual domains setup on Postfix with MySQl as described in several places on this site. I don't have any apparent problems with local mail clients for smtp or imap to send/receive mail as desired.

    But, I'm not quite sure how to configure to accept external clients such as myself on a laptop while traveling (can authenticate but on a random IP) while also accepting email coming in from McAfee's service (can't authenticate but restrained within a fixed IP range).

    I could set up a VPN for external clients to access postfix from the inside, but is there a way to setup postfix to accept external connections as described above?

    Thanks in advance for your thoughts!

  2. falko

    falko Super Moderator ISPConfig Developer

    All you have to do is set up SMTP-AUTH (covered by all the virtual users with Postfix howtos here) and then enable "Server requires authentication." in your email client.
  3. DrJohn

    DrJohn Member

    The server is already set up this way. Let me clarify what I mean.

    I want to accept incoming mail destined for users in the local domains (,, only from the McAfee SMTP servers and no where else. The McAfee servers don't provide any authentication and have to be filtered or recognized by their IP address range. The MX records for my domains point to the McAfee servers, but anyone could attempt to send mail or relay thru my server here by using its IP address directly, instead, so,

    I do not want to accept mail from any other servers either destined for the local domains or in any relay attempts thru my server, except if authenticated as a user, that is, I want to relay mail from any authenticated user (myself and the other authorized users) both from within the LAN (on or from the outside.

    The mail server I currently use has a mechanism that will recognize servers from a specific IP address range as a limited-privilege user ('guest' or whatever I designate) that is allowed to drop mail that's destined for the local domains, only.

    Is there a way to do this in Postfix, or does it already do so? Would you please explain a little about how Postfix might accomplish this?



Share This Page