postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Block all but a few from sending mail offsite

Re: Block all but a few from sending mail offsite

From: mouss <mouss_at_nospam>
Date: Sat Oct 16 2010 - 16:21:11 GMT

  Le 14/10/2010 00:07, John Swift a écrit :
> Hello,
> Your solution worked, thank you! Now what I'm wondering is this: How can I add specific IPs to be able to send off-site? Essentially, I'd like two access lists for sending off-site: One for sender email addresses and one for host IPs. If you belong in either one you can send offsite.

just add a check_client_access before the check_sender_access:

smtpd_sender_restrictions =
     check_client_access cidr:/etc/postfix/access_client.cidr
     check_sender_access hash:/etc/postfix/access_sender

== access_client.cidr OK
#or for the full range:
# OK

> Is it possible to implement this? Can I use smtpd_client_restrictions in conjunction with what I have without messing up internal facing mail?
> Thank you.
> --- On Tue, 10/12/10, mouss<> wrote:
>> From: mouss<>
>> Subject: Re: Block all but a few from sending mail offsite
>> To:
>> Date: Tuesday, October 12, 2010, 2:16 PM
>> Le 12/10/2010 01:45, John Swift a
>> écrit :
>>> Hello,
>>> For my Postfix web server, I was able to get the
>> example working that was at the bottom of the web page here:
>> In that section of the web page, it says "It is left as an
>> exercise for the reader to change this into a scheme where
>> only some users have permission to send mail to off-site
>> destinations, and where most users are restricted." I've
>> tried many many different things but have been unable
>> to change the scheme where some users have permission to
>> send mail offsite and most users are restricted. Can I get a
>> little help with this? I'm guessing this is a small config
>> change that I'm completely missing.
>> can you explain your need clearly?
>> with the following:
>> smtpd_sender_restrictions =
>> check_sender_access
>> hash:/etc/postfix/access_sender
>> == access_sender
>> joe@example OK
>> OK
>> reject_unauth_destination
>> reject_unauth_destination
>> joe and jim can send "offsite", while other *
>> can only send to "managed" domains (mydestination, relay
>> domains, virtual mailbox domains, virtual alias domains).