postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: SMTPD Policy to Restrict Senders to a known s

Re: SMTPD Policy to Restrict Senders to a known set of IPs

From: mouss <mouss_at_nospam>
Date: Sat Oct 30 2010 - 17:27:26 GMT
To: postfix-users@postfix.org

Le 30/10/2010 18:43, Kevin Coveney a écrit :
> I have been asked by my client to setup postfix to enforce a policy
> that will restrict certain list of domains to a predetermined list of
> IPs for the domain. However if the sender domain is not on the list
> then we would simply skip this check.
> I was going to manage the sender IP list using separate CIDR: files
> for each domain and reject if not in the list.
> However, what is the best way to tie the domain to the list?
> I was thinking about using smtpd_restriction_classes but I'm not sure
> if this is the best or how to best put it all together.

yes.

smtpd_restriction_classes = restrict_sender_ip

smtpd_sender_restrictions =
     check_sender_access hash:/etc/postfix/restricted_senders.hash

restrict_sender_ip =
     check_client_access cidr:/etc/postfix/restricted_senders_ip.cidr
     reject

== /etc/postfix/restricted_senders.hash
example.com restrict_sender_ip
.example.com restrict_sender_ip

== /etc/postfix/restricted_senders_ip.cidr
192.0.2.0/24 OK

check
     http://www.postfix.org/RESTRICTION_CLASS_README.html
for more information.

> Your advice will be much appreciated
> Thanks,
> Kevin Coveney