Make Postfix use MySQL to check whether sender adress is permitted

Question

We're trying to use PostFix to check whether the sender email-address is permitted to send to a specific email-address.

Another way to describe it would be that I want specific e-mailaddresses to only allow incoming messages (not SMTP logins) from specific e-mailaddresses.

Will something like this work? main.cf:

smtpd_recipient_restrictions =
    [other restrictions here]
    check_sender_access
        mysql:/etc/postfix/restricted_senders_to_recipents.cf

restricted_senders_to_recipents.cf:

user = uname
password = pword
hosts = 127.0.0.1
dbname = dbname
#!!!PSEUDOCODE!!!
query = SELECT allowed FROM members WHERE sender = %sender AND recipent = %recipent;

Is this possible? If then how?

I know that aliases with MySQL works this way since we're already using it. (http://www.postfix.org/mysql_table.5.html)

Answer 1

The short answer is PROBABLY NO.

Postfix supports per sender/recipient/client restriction with Postfix Per-Client/User/etc. Access Control with smtpd_restriction_classes. With your requirement, you must dynamically set smtpd_restriction_classes parameter, but it doesn't work with postfix.

As workaround, you could use Milter (See the documentation) or something like Postfwd or PolicyD

Answer 2

Seems you can accomplish this in a two part process.

First, create a smtpd_sender_restriction that is a mysql lookup for addresses who bleong to the class of users who need the acl:

smtpd_recipient_restrictions = reject_non_fqdn_sender,
    ...
    mysql:/etc/postfix/protected_users.cf

Next, because that mysql lookup will return a class of users, you can assign that class of users to do anohter lookup to decide if the mail can be sent:

smtpd_recipient_restrictions = reject_non_fqdn_sender,
    ...
    proxy:mysql:/etc/postfix/protected_users.cf

whitelist = check_sender_access proxy:mysql:/etc/postfix/whitelist.cf, reject

This two part lookup should do what you need.

Reference