Hello,

Since Postfix is now (since v2.11) providing more extensive SASL access restrictions, we are considering using the following model to protect particular addresses so that only specific users can send mail to them:

   /etc/postfix/main.cf:
      ...
      allowed_list1 = check_sasl_access hash:/etc/postfix/allowed_users, reject

      smtpd_recipient_restrictions =
        check_recipient_access hash:/etc/postfix/protected_destinations
        permit_sasl_authenticated
        reject_unverified_recipient
        reject_unauth_destination
      ...

   /etc/postfix/protected_destinations:
      privli...@example.com    allowed_list1
      privli...@example.com    allowed_list1
      privli...@example.com    allowed_list1
      ...

   /etc/postfix/allowed_users:
      john.doe    OK
      jackpot     OK
      thechief    OK

All users will be required to be SASL-authenticated and, consequently, the above approach (restricting via check_sasl_access) would be much better and more versatile than the one we are currently using (restricting via check_client_access and associated lists of allowed IP addresses), because it would focus on individual users, wherever they may be, and not on their (network) location.

Can you please confirm that this is a valid configuration?

Any other suggestions, pitfalls and/or comments?

Thanks in advance,
Nick

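An added example, not part of the original message: a simplified Python model of how the posted restriction list is evaluated (first decisive result wins), showing which SASL login and recipient pairs are accepted. The recipient address and local domain are constructed placeholders, SASL login names are assumed to be bare user names, and smtpd_relay_restrictions, address verification and the smtpd_restriction_classes declaration that Postfix requires for allowed_list1 are assumed to be handled elsewhere in main.cf.

```python
# Simplified model of the posted smtpd_recipient_restrictions (added example).
# Not modelled: smtpd_relay_restrictions, reject_unverified_recipient probes.

# /etc/postfix/allowed_users as posted (keys assumed to equal the SASL login name)
ALLOWED_USERS = {"john.doe": "OK", "jackpot": "OK", "thechief": "OK"}
# Constructed stand-in for the truncated addresses in protected_destinations
PROTECTED = {"protected-list@example.com": "allowed_list1"}
# Assumption: domains this server accepts mail for
LOCAL_DOMAINS = {"example.com"}


def check_sasl_access(sasl_user):
    """Look up the SASL login; an unauthenticated client yields no match."""
    if not sasl_user:
        return "DUNNO"
    return ALLOWED_USERS.get(sasl_user, "DUNNO")


def allowed_list1(sasl_user):
    """Restriction class: check_sasl_access hash:allowed_users, reject."""
    if check_sasl_access(sasl_user) == "OK":
        return "PERMIT"
    return "REJECT"  # the trailing 'reject' catches everyone else


def recipient_decision(sasl_user, rcpt):
    """Walk the restriction list in order and return PERMIT or REJECT."""
    # 1. check_recipient_access hash:/etc/postfix/protected_destinations
    if PROTECTED.get(rcpt) == "allowed_list1":
        return allowed_list1(sasl_user)
    # 2. permit_sasl_authenticated
    if sasl_user:
        return "PERMIT"
    # 3. reject_unverified_recipient is skipped in this model
    # 4. reject_unauth_destination
    if rcpt.rsplit("@", 1)[-1] not in LOCAL_DOMAINS:
        return "REJECT"
    return "PERMIT"  # end of list reached without a rejection


def decision_table():
    """Decisions for constructed sample sessions (None = not authenticated)."""
    users = ["john.doe", "alice", None]
    rcpts = ["protected-list@example.com", "user@example.com", "bob@elsewhere.test"]
    return {(u, r): recipient_decision(u, r) for u in users for r in rcpts}


if __name__ == "__main__":
    for (user, rcpt), verdict in decision_table().items():
        print(f"{str(user):10} -> {rcpt:28} {verdict}")
```

The table makes the ordering dependency visible: the protected-address check only works because it sits before permit_sasl_authenticated, which would otherwise accept any authenticated sender.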