R: R: Rules based on source IPs/Addresses

Wed, 11 May 2011 00:05:18 -0700 

I will try to explain better what is my problem.
 
In our structure we have "some" mail servers (for security reasons we have a 
complete separate structure between internal and external network, when we 
receive a mail from Internet we must use a terminal server to access the 
external mail server):
 
- An internal Exchange
- An external Exchenge
- An external appliance as a Mail relay for normal users mail traffic
- An external appliance as a Mail relay for batch/automatic mail traffic
 
Usually when an "internal" server needs to send mails on internet we used to 
open the port 25 on the firewall to permit that server to access the "external 
batch mail relay". 
 
Now we'd like to implement an internal mail relay which will do the job of send 
internet mail (through the ""external batch mail relay") for the internal 
servers that need this. 
 
The problem is that this mail relay (postfix) should filter who and where can 
send the mails; something like:
 
Group of internal servers (SMTP clients) - Recipients permitted
client1,client4,client7 - us...@domain1.com, 
<mailto:us...@domain1.com,us...@domain2.com> us...@domain2.com
client2,client3,client4 - us...@domain6.com, <mailto:us...@domain6.com,> 
us...@domain4.com <mailto:us...@domain4.com>  
 
with Regards,
Daniel
 
________________________________

Da: owner-postfix-us...@postfix.org per conto di Wietse Venema
Inviato: mar 10.05.2011 17:19
A: Postfix users
Oggetto: Re: R: Rules based on source IPs/Addresses



Hubeli Daniel:
> My problem is that now I have to enable another group of server to use thi
>-s mail server as relay but I have to apply other rules to this new group of
>-servers. Is there a way to have different rules (for istance "relay_recipien
>-t_maps") based on source hosts/addresses ? ... maybe something like acl for
>-squid proxy ...

Wietse:
> By definition, relay_recipient_maps specifies the recipients.
> Therefore it cannot depend on sender address or sender host.

Hubeli Daniel:
> Maybe my example wasn't completely correct but is there a way to
> have different rules/routing based on different groups of sources

Please describe the *problem* that you want to solve, instead of
the solution (rules/routing).

        Wietse

<<winmail.dat>>

Reply via email to