Re: Block all but a few from sending mail offsite

[mouss]

 Le 14/10/2010 00:07, John Swift a écrit :

Hello,

Your solution worked, thank you! Now what I'm wondering is this: How can I add 
specific IPs to be able to send off-site? Essentially, I'd like two access 
lists for sending off-site: One for sender email addresses and one for host 
IPs. If you belong in either one you can send offsite.

just add a check_client_access before the check_sender_access:

smtpd_sender_restrictions =
    check_client_access cidr:/etc/postfix/access_client.cidr
    check_sender_access hash:/etc/postfix/access_sender


== access_client.cidr
192.0.2.3       OK
#or for the full 192.0.2.0-192.0.2.255 range:
#192.0.2.0/24   OK

Is it possible to implement this? Can I use smtpd_client_restrictions in 
conjunction with what I have without messing up internal facing mail?

Thank you.

--- On Tue, 10/12/10, mouss<mo...@ml.netoyen.net>  wrote:

From: mouss<mo...@ml.netoyen.net>
Subject: Re: Block all but a few from sending mail offsite
To: postfix-users@postfix.org
Date: Tuesday, October 12, 2010, 2:16 PM
  Le 12/10/2010 01:45, John Swift a
écrit :

Hello,

For my Postfix web server, I was able to get the

example working that was at the bottom of the web page here:
http://www.postfix.org/RESTRICTION_CLASS_README.html#external.
In that section of the web page, it says "It is left as an
exercise for the reader to change this into a scheme where
only some users have permission to send mail to off-site
destinations, and where most users are restricted." I've
tried many many different things  but have been unable
to change the scheme where some users have permission to
send mail offsite and most users are restricted. Can I get a
little help with this? I'm guessing this is a small config
change that I'm completely missing.

can you explain your need clearly?


with the following:

smtpd_sender_restrictions =
     check_sender_access
hash:/etc/postfix/access_sender

== access_sender
j...@example            OK

j...@example.com OK example.com reject_unauth_destination .example.com reject_unauth_destination

joe and jim can send "offsite", while other *example.com
can only send to "managed" domains (mydestination, relay
domains, virtual mailbox domains, virtual alias domains).