postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: SMTPD Policy to Restrict Senders to a known s

Re: SMTPD Policy to Restrict Senders to a known set of IPs

From: mouss <mouss_at_nospam>
Date: Sat Oct 30 2010 - 17:27:26 GMT

Le 30/10/2010 18:43, Kevin Coveney a écrit :
> I have been asked by my client to setup postfix to enforce a policy
> that will restrict certain list of domains to a predetermined list of
> IPs for the domain. However if the sender domain is not on the list
> then we would simply skip this check.
> I was going to manage the sender IP list using separate CIDR: files
> for each domain and reject if not in the list.
> However, what is the best way to tie the domain to the list?
> I was thinking about using smtpd_restriction_classes but I'm not sure
> if this is the best or how to best put it all together.


smtpd_restriction_classes = restrict_sender_ip

smtpd_sender_restrictions =
     check_sender_access hash:/etc/postfix/restricted_senders.hash

restrict_sender_ip =
     check_client_access cidr:/etc/postfix/restricted_senders_ip.cidr

== /etc/postfix/restricted_senders.hash restrict_sender_ip restrict_sender_ip

== /etc/postfix/restricted_senders_ip.cidr OK

for more information.

> Your advice will be much appreciated
> Thanks,
> Kevin Coveney