Re: Allow relay from certain IPs AND allow only certain senders

Mon, 20 Jan 2020 02:01:30 -0800 

On Mon, Jan 20, 2020 at 10:35:24AM +0100, ego...@gmail.com wrote:

> I am configuring a Postfix relay hosted on a cloud provider. I would like
> to allow relay access only to public IPs of my company AND to a precise
> list of senders. Here are my main.cf configurations:
> 
> mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24
> smtpd_recipient_restrictions = permit_mynetworks,
>                                 check_sender_access 
> hash:/etc/postfix/allowed_senders,
>                                 reject_unauth_destination
> 
> allowed_senders is like this:
> 
> name.surn...@domain.com OK
> john....@domain.com OK
> andrew.wh...@domain.com OK

A belt-and-suspenders solution would be:

     mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24

     # No relaying from untrusted networks
     smtpd_relay_restrictions =
        permit_mynetworks,
        reject_unauth_destination

     # Also, no relaying by unauthorized senders
     smtp_sender_restrictions =
         check_sender_access hash:/etc/postfix/allowed_senders,
         reject_unauth_destination

     # Apply UCE controls to remote clients
     smtpd_recipient_restrictions =
         permit_mynetworks,
         ... anti-spam rules if any ...
     
   allowed_senders:
     
     # Just in case, reject relay attempts from untrusted networks
     #
     name.surn...@domain.com permit_mynetworks, reject_unauth_destination
     john....@domain.com     permit_mynetworks, reject_unauth_destination
     andrew.wh...@domain.com permit_mynetworks, reject_unauth_destination

-- 
    Viktor.

Reply via email to