Hubeli Daniel:
> I will try to explain better what is my problem.
>
> In our structure we have "some" mail servers (for security reasons we have a
> complete separate structure between internal and external network, when we
> receive a mail from Internet we must use a terminal server to access the
> external mail server):
>
> - An internal Exchange
> - An external Exchenge
> - An external appliance as a Mail relay for normal users mail traffic
> - An external appliance as a Mail relay for batch/automatic mail traffic
>
> Usually when an "internal" server needs to send mails on internet we used to
> open the port 25 on the firewall to permit that server to access the
> "external batch mail relay".
>
> Now we'd like to implement an internal mail relay which will do the job of
> send internet mail (through the ""external batch mail relay") for the
> internal servers that need this.
>
> The problem is that this mail relay (postfix) should filter who and where can
> send the mails; something like:
>
> Group of internal servers (SMTP clients) - Recipients permitted
> client1,client4,client7 - us...@domain1.com,
> <mailto:us...@domain1.com,us...@domain2.com> us...@domain2.com
> client2,client3,client4 - us...@domain6.com, <mailto:us...@domain6.com,>
> us...@domain4.com <mailto:us...@domain4.com>
>
Use a third-party policy daemon: postfwd, policyd, and the like
allow you to set up rules. I decided years ago that I will not
implement an universal access control language inside Postfix,
because almost no-one needs this.
Since this is concerned with *outbound* mail, there is no need to
mess with relay_domains or relay_recipient_maps. Those are needed
for *inbound* mail.
Wietse
