I am servicing 2 virtual domains: domain1.org, domain2.org. I want to enforce the following policy:
If a client connects from an IP address in $mynetworks then I want to allow only mails for which the sender address domain belongs to one of my domains.
If a client connects from any other IP address then I want to allow only mails for which the sender address domain does not belong to one of my domains.
For that I have two hash access files (sender_for_local_clients and sender_for_remote_clients).
sender_for_local_clients contains
domain1.org OK
domain2.org OK
sender_for_remote_clients contains
domain1.org REJECT
domain2.org REJECT
But I don't know how to combine them in the smtpd_sender_restrictions directive. Part of the problem is that the OK actions do not automatically PERMIT, while REJECT actions do automatically REJECT, so I can't find a proper sequence of smtpd_sender_restrictions that will accomplish my above stated policy. Any ideas?
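
One way to express the two-sided policy described above, shown as an added example that is not part of the original post: a Postfix restriction class applied per client network. The file paths, the class name local_senders_only, the file local_clients.cidr and the sample networks are assumptions.

```conf
# ---- /etc/postfix/main.cf (paths and class name are assumptions) ----
smtpd_restriction_classes = local_senders_only

# Evaluated only for clients matched in local_clients.cidr.
# An OK from sender_for_local_clients permits the sender;
# every other sender domain falls through to "reject".
local_senders_only =
    check_sender_access hash:/etc/postfix/sender_for_local_clients,
    reject

# Local clients are handed to the class above and never reach the
# second lookup. All other clients skip the class and are rejected
# if the sender domain is listed in sender_for_remote_clients.
smtpd_sender_restrictions =
    check_client_access cidr:/etc/postfix/local_clients.cidr,
    check_sender_access hash:/etc/postfix/sender_for_remote_clients

# ---- /etc/postfix/local_clients.cidr (constructed sample) ----
# An access table cannot reference $mynetworks, so the same
# networks have to be listed here and kept in sync by hand.
127.0.0.0/8      local_senders_only
192.0.2.0/24     local_senders_only
```

Run postmap on the two hash: files after editing them; the cidr: table is read directly. With this layout the null sender (<>) from a local client also hits the final reject unless it is listed in sender_for_local_clients.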