<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>What I would do is set up DNS to handle mail to mxtest.DOMAIN for inbound mail. I presume you want to receive mail on this machine – NDRs and such at least. That will keep the test stuff on the production servers. After your satisfied, rename the mail server, and add it to the mix of MX records that handle real mail.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Sendmail uses a file called access to control connectivity. I’m sure Postfix must as well. With it, you can specify who and what can send/relay/receive mail on that host. You should be able to tell it to only accept from specific IPs or subnets, email addresses or domains, etc. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Let your MTA handle who it will talk to. When it is configured to send/receive from your specific domains, then route mail through that host and begin testing MailScanner. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>MailWatch is worth installing.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>HTH…<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:#1F497D'> ...Kevin<br>--<br>Kevin Miller<br>Network/email Administrator, CBJ MIS Dept.<br>155 South Seward Street<br>Juneau, Alaska 99801<br>Phone: (907) 586-0242, Fax: (907) 586-4500<br>Registered Linux User No: 307357</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif";color:#1F497D'> </span><span style='color:#1F497D'><o:p></o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> mailscanner-bounces@lists.mailscanner.info [mailto:mailscanner-bounces@lists.mailscanner.info] <b>On Behalf Of </b>Sampson, Aaron<br><b>Sent:</b> Monday, September 17, 2012 8:02 AM<br><b>To:</b> mailscanner@lists.mailscanner.info<br><b>Subject:</b> Filter by IP<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I am running Centos 6 with Postfix/mailscanner 4.84.5 with Spam Assassin and Clamd and I have a Test server that I am trying to prevent from e-mailing anyone outside 2 certain domains. I have been trying to figure out the best way to set this up so that it does not interfere with the production servers or regular e-mails. But not really clear on the best way to set this up.<o:p></o:p></p><p class=MsoNormal>I thought about trying to put something in whitelist.rules but want to have a clear plan of attack before I try anything to prevent disruption of normal e-mails.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Wanting to do something like<o:p></o:p></p><p class=MsoNormal>When From: ip.tst.srv.add Only Allow to send to: our.domain.com & this domain.com (and block anything not to that domain)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Any thoughts would be greatly appreciated<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman","serif";color:black'>Aaron Sampson<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Times New Roman","serif";color:black'>IT Department<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>