postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Block all but a few from sending mail offsite

Re: Block all but a few from sending mail offsite

From: mouss <mouss_at_nospam>
Date: Sat Oct 16 2010 - 16:21:11 GMT
To: postfix-users@postfix.org

  Le 14/10/2010 00:07, John Swift a écrit :
> Hello,
>
> Your solution worked, thank you! Now what I'm wondering is this: How can I add specific IPs to be able to send off-site? Essentially, I'd like two access lists for sending off-site: One for sender email addresses and one for host IPs. If you belong in either one you can send offsite.
>

just add a check_client_access before the check_sender_access:

smtpd_sender_restrictions =
     check_client_access cidr:/etc/postfix/access_client.cidr
     check_sender_access hash:/etc/postfix/access_sender

== access_client.cidr
192.0.2.3 OK
#or for the full 192.0.2.0-192.0.2.255 range:
#192.0.2.0/24 OK

> Is it possible to implement this? Can I use smtpd_client_restrictions in conjunction with what I have without messing up internal facing mail?
>
> Thank you.
>
> --- On Tue, 10/12/10, mouss<mouss@ml.netoyen.net> wrote:
>
>> From: mouss<mouss@ml.netoyen.net>
>> Subject: Re: Block all but a few from sending mail offsite
>> To: postfix-users@postfix.org
>> Date: Tuesday, October 12, 2010, 2:16 PM
>> Le 12/10/2010 01:45, John Swift a
>> écrit :
>>> Hello,
>>>
>>> For my Postfix web server, I was able to get the
>> example working that was at the bottom of the web page here:
>> http://www.postfix.org/RESTRICTION_CLASS_README.html#external.
>> In that section of the web page, it says "It is left as an
>> exercise for the reader to change this into a scheme where
>> only some users have permission to send mail to off-site
>> destinations, and where most users are restricted." I've
>> tried many many different things but have been unable
>> to change the scheme where some users have permission to
>> send mail offsite and most users are restricted. Can I get a
>> little help with this? I'm guessing this is a small config
>> change that I'm completely missing.
>>
>> can you explain your need clearly?
>>
>>
>> with the following:
>>
>> smtpd_sender_restrictions =
>> check_sender_access
>> hash:/etc/postfix/access_sender
>>
>> == access_sender
>> joe@example OK
>> jim@example.com
>> OK
>> example.com
>> reject_unauth_destination
>> .example.com
>> reject_unauth_destination
>>
>>
>> joe and jim can send "offsite", while other *example.com
>> can only send to "managed" domains (mydestination, relay
>> domains, virtual mailbox domains, virtual alias domains).
>>
>
>