Great, I'll look into that. Thanks a lot,
Aleksandar 2011/10/5 Noel Jones <njo...@megan.vbhcs.org>: > On 10/5/2011 5:00 AM, Aleksandar Vukovic wrote: >> Hi everybody, >> >> Is it possible to somehow limit smtpd_sender_restrictions only to >> outgoing mail? >> I want to use check_sender_access on my outgoing mail so that in MAIL >> FROM only addresses from my list of emails are allowed. I guess that >> one (ugly) way to solve this is to have 2 Postfix servers so that one >> is used only for outgoing mail and the other is only used for >> incoming. That way you can safely apply check_sender_access on >> outgoing server, and don't allow sending mail from incoming server. >> But, if I use only one Postfix server, then those restriction are >> applied on both incoming and outgoing mail and I can only receive mail >> that have MAIL FROM addresses from my list. Mybe there is a simple way >> to do this, but I just don't see it, and I googled a lot :) >> >> Is there a better way to achieve this? >> >> Best regards, >> >> Aleksandar > > > Many folks separate incoming and outgoing mail to apply different > policies as required. > > The easiest way to separate mail flow is require users to submit > mail on the submission port, using setting overrides in master.cf on > the submission service. > > # main.cf > submission_smtpd_recipient_restrictions = > permit_mynetworks > permit_sasl_authenticated > reject > submission_smtpd_sender_restrictions = > ... stuff only for internal senders ... > > # master.cf > submission ... smtpd > -o smtpd_sender_restrictoins=$submission_smtpd_sender_restrictions > -o > smtpd_recipient_restrictions=$submission_smtpd_recipient_restrictions > ... maybe other stuff to enforce TLS and/or SASL > > > Your other simple alternative is to use smtpd_restriction_classes to > find mail coming from internal networks with a check_client_access > map, and then apply a check_sender_access map to that. General > notes here: > http://www.postfix.org/RESTRICTION_CLASS_README.html > > Beyond that, you could use separate instances of postfix on the same > box. > > > -- Noel Jones > -- Centar Informacionog Sistema - CIS
