Is there any way to control which hosts are permitted to connect to the cleanup daemon over TCP?
Our 'master.cf' contains:
2526 inet n - - - 0 cleanup
This is necessary because we have a cluster of SMTP servers running custom code, and they can all inject mail to the centralized Postfix server via the cleanup daemon.
However, we want to allow only our authorized servers to connect to the cleanup daemon. The current configuration allows any host to connect to port 2526.
Clearly we can use iptables to restrict access, but is there a way to do this within Postfix itself?
As far as I can tell the cleanup daemon does not have any auth controls. You could try to write a non-SMTP milter, but the functionality is pretty limited and I'm not sure it would even help.
The better option might be to expose qmqpd instead. It should pipe things directly into cleanup, but allows you to do simple controls. qmqpd_authorized_clients would be the way to handle it there. I'd suspect you'd need to rewrite some code if you go this route.
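A sketch of the qmqpd setup suggested in the answer above, added here as an example and not part of the original post. The client addresses are constructed placeholders, and port 628 is taken from the commented-out qmqpd entry in the stock master.cf.

```conf
# /etc/postfix/master.cf
# Before (from the question): cleanup listens on TCP with no client check.
#2526      inet  n       -       -       -       0       cleanup
# After: remove that entry and expose qmqpd, which hands mail to cleanup.
628       inet  n       -       n       -       -       qmqpd

# /etc/postfix/main.cf
# Only these clients may submit over QMQP. The default value is empty,
# which allows no client at all. Addresses are constructed placeholders.
qmqpd_authorized_clients = 192.0.2.10, 192.0.2.11, 198.51.100.0/28
```

The Postfix QMQP server relays mail to any destination, so keep the list to the injecting hosts only. Matching is by client address or hostname, which makes this an allowlist rather than authentication.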