1

My question is related with this: Dual delivery Google Apps and Postifx (server reject mail from my domain on google)

Well, i've some servers with Ubuntu running an ISPconfig with Postfix.

My question is: Is possible do a selective mynetworks policy per domain/user on postfix? For example, only apply some IP's permitted for a domain, but no for all others.

Community
  • 1
Jovi
  • 33
  • 5

2 Answers2

1

Yes, you can do something similar with the postfix Restriction Classes, in fact, their examples speak specifically to the necessity to implement different types of restrictions for different users.

As the access tables allow, you could create a per user access table (or a group), and allow mail from them, from specific IPs.

NickW
  • 10,263
  • 1
  • 20
  • 27
  • Thanks you Nick for your answer, the link is very useful. But now, i don't understand some things of the link. Ok, i need a create a class, some like: `/etc/postfix/main.cf: smtpd_restriction_classes = restrictive, permissive restrictive = -here policies to deny- permissive = permit smtpd_sender_restrictions = permit_mynetworks reject_unauth_destination check_recipient_access hash:/etc/postfix/recipient_access` – Jovi Jan 03 '14 at 17:33
  • And then, i need to create a hash file with the list of domains, users,... `/etc/postfix/recipient_access: joe@my.domain permissive jane@my.domain restrictive` By default, if i don't put a user in this list, would take the restrictive policy, right? But, how i can apply this to mynetworks policy? How i must put some IP's on a class, and other IP's or IP range in other class? Thanks you Nick. – Jovi Jan 03 '14 at 17:33
  • Have a look at the access table, if it doesn't find a match, it tends to use the default. You shouldn't need to specify a specific mynetworks type of class, just make email to those users hosted on the google apps part of the permissive class, then they should be accepted.. – NickW Jan 03 '14 at 17:43
  • Ok thanks you. But, then i cannot specify the IP of origin for every mail account, right? Well, this is useful for my purposes. Thanks you Nick! – Jovi Jan 05 '14 at 18:32
  • In theory, if you wanted to spend the time, you probably could specify the allowed IP for every email, but I think the administrative burden would be too heavy to be realistic. A permissive acceptance policy should be almost as effective.. – NickW Jan 06 '14 at 16:33
  • Ok. Thanks you very much Nick. This is my first time asking in ServerFault, but with users like you, this is a great platform! – Jovi Jan 06 '14 at 19:14
0

Well, now i found how to do that in ISPConfig.

Mail -> Global filters -> Postfix Whitelist Just add a new mail with the filter type "Sender".

This permit all the traffic from the mail/domain specified.

Jovi
  • 33
  • 5
  • Good job on the research :) – NickW Jan 07 '14 at 11:40
  • Thanks Nick. It's not perfect, i can't specify the IP from incoming traffic, but this works for me and my purposes. Thanks you very much Nick, for your help during my questions :D – Jovi Jan 07 '14 at 11:46