OK Brian,
Per your advice, I modified it as below:
smtpd_restriction_classes = allowed_list1
allowed_list1 = check_client_access cidr:/etc/postfix/client.cidr, reject
smtpd_recipient_restrictions =
    hash:/etc/postfix/protected_destinations,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
and I found it works fine!
I only have to reload postfix ("service postfix reload") in case of any
changes in the client.cidr file.
It seems this set of settings is safe for mail server operation (of
course it won't avoid IP spoofing).
By the way, I was thinking, would there be a way to restrict access to
mail addresses based on *particular* authenticated users? The idea is: a
user is trying to connect to our SMTP (postfix) to send email to
ali...@example.com (which we want to control access to). He is
authenticated by postfix as userY using SASL over our LDAP server (we
are using virtual accounts only). Can I set up some
"smtpd_restriction_classes" based on authenticated usernames (for example
a check_client_access lookup table saying userY OK)? I haven't been able
to locate a similar subject in the documentation (except, of course,
permit_sasl_authenticated, which applies to all such users at the same time).
Thanks very much,
Nick
On 7/2/2011 7:37 PM, Brian Evans - Postfix List wrote:
>> But, could I have used "allowed_list1= check_client_access
>> cidr:/etc/postfix/client.cidr,reject" ? Is this feasible?
> Yes
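
The lookup path discussed in this message, modeled offline as an added example (not part of the original post, and not Postfix code). It assumes the protected_destinations table is consulted by recipient address and maps that recipient to allowed_list1; the table contents and addresses are constructed. It also reports client.cidr entries that can never fire because an earlier, broader entry matches first.

```python
import ipaddress

# Constructed sample tables (not from the original post).
CLIENT_CIDR = """\
# /etc/postfix/client.cidr (sample)
192.0.2.10        OK
198.51.100.0/24   OK
198.51.100.77     REJECT
"""
PROTECTED = {"list@example.com": "allowed_list1"}  # recipient -> class name

def parse_cidr(text):
    """Return [(network, action)] in file order; comments and blanks skipped."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        # ip_network is strict: a pattern with host bits set raises ValueError
        rules.append((ipaddress.ip_network(pattern), action.strip().upper()))
    return rules

def cidr_lookup(rules, client_ip):
    """First matching rule wins, as in cidr_table(5); None if nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in rules:
        if addr in net:  # always False when IP versions differ
            return action
    return None

def decide(client_ip, rcpt, rules, protected=PROTECTED):
    """Model: protected recipient -> allowed_list1 -> cidr lookup, then reject."""
    if rcpt.lower() not in protected:
        return "continue"  # falls through to permit_mynetworks, ...
    action = cidr_lookup(rules, client_ip)
    # Anything other than OK ends at REJECT or the class's trailing "reject".
    return "permit" if action == "OK" else "reject"

def shadowed(rules):
    """Rules that can never fire because an earlier network contains them."""
    return [(str(n), a) for i, (n, a) in enumerate(rules)
            if any(p.version == n.version and n.subnet_of(p) for p, _ in rules[:i])]

if __name__ == "__main__":
    r = parse_cidr(CLIENT_CIDR)
    for ip in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(ip, decide(ip, "list@example.com", r))
    print("shadowed:", shadowed(r))
```

In the sample table the REJECT for 198.51.100.77 is listed after the /24 that contains it, so that client is still permitted; moving the more specific entry above the broader one changes the result.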