On Thu, 2022-02-03 at 07:31 +0000, Vincent Willert via Users wrote:
we just switched from the Debian version to the
appliance version. So
far everything seems to work, but we have one issue.
On our old server only our office365 host was able to connect and
deliver mail. I believe the part in config with
“exchange_online_checks = check_client_access cidr:/etc/postfix/cidr-
o365-ip-range” should define the hosts which are allowed to connect
/etc/postfix/cidr-o365-ip-range (more IPs from O365 inside, this is
just one for example) being:
I do realize that this leads to the fact that everybody from an O365
ip address can send to the Ciphermail appliance and it will be
forwarded but this is something we are willing to accept.
Unfortunately currently all IP addresses can connect and deliver mail
for our domain which leads to intensive spam.
Am I doing something wrong? Would really appreciate some help.
If you only want to allow incoming connections from O365, you should
tell postfix to only allow connections from the O365 IP range.
For example you can add a check_client_access restriction to
smtpd_client_restrictions which only allows the connection if the
connection comes from the O365 IP range.
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF Messenger and Webmail Messenger