2009/4/18 LuKreme <[email protected]>: > Ah.. no. I see where I misspoke. I don't want smtp connections out from > the LAN SERVER to servers other than mail.example.com (that is, postfix on > example.local will only ever, no matter what, connect to mail.example.com).
Sure, can't you set your firewall to do this? iptables -A OUTPUT -d x.x.x.x -p tcp --dport smtp -j ACCEPT iptables -A OUTPUT -p tcp --dport smtp -j REJECT This is just policy enforcement though. A correct policy *implementation* should ensure postfix behaves as you expect. 2009/4/18 mouss <[email protected]>: >>> The only thing I'm unsure about there is the "match $inet_interfaces" >>> - if example.local == $inet_interfaces, will it short circuit the >>> check for virtual_alias_domains? >>> > > you need to reread that piece of documentation. there is no short circuit. Okay, I've read that piece a couple of times, perhaps you (or someone) can clarify the meaning of statements like this: "Mail to local destinations that match $inet_interfaces or $proxy_interfaces, $mydestination, $virtual_alias_domains, or $virtual_mailbox_domains" I believe this is meant to be parsed as (($inet_interfaces or $proxy_interfaces) or $mydestination or $virtual_alias_domains or $virtual_mailbox_domains). I'm fine with that now, but can you explain or give an example of a destination that would match inet_interfaces or proxy_interfaces? Mail with a recipient like [email protected] ?
