On Sun, Feb 07, 2021 at 05:33:10PM +0100, Marek Kozlowski wrote:

> Presumably it's my fault but I cannot find such an option. If so - thank
> you for directing me to it. I'm wondering if it is possible to limit
> incoming mail with '...@somedomain.tld' specified as a sender address*)
> to IPs belonging to some CIDR ranges:
> - if addresses from the ranges belong to 'somedomain.tld'?
> - if addresses from the ranges and 'somedomain.tld' A records don't
> cover the same sets of hosts?

A policy service can inspect the full combination of:

    - client IP address
    - EHLO name
    - envelope sender
    - envelope recipient
    - ...

    http://www.postfix.org/SMTPD_POLICY_README.html

You can then return "DUNNO" or "REJECT ..." as you see fit.

You can also use restriction classes if the number of sets of
permitted address blocks (across all senders) is not too large.

    main.cf:
        smtpd_restriction_classes = check_cidr1, check_cidr2, ...
        cidr = cidr:${config_directory}/
        check_cidr1 = check_client_access ${cidr}cidr1
        check_cidr2 = check_client_access ${cidr}cidr2
        ...

    sender_access:
        send...@example.com check_cidr1
        send...@example.net check_cidr2
        ...

    cidr1:
        192.0.2.1 OK
        0.0.0.0/0 REJECT ...

    cidr2:
        192.0.2.2 OK
        0.0.0.0/0 REJECT ...

    ...

-- 
    Viktor.
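
The policy-service approach described in the reply above, as an added example that is not part of the original post or of Postfix itself. It assumes the service is run under spawn(8) so that requests arrive on stdin; the `ALLOWED` table, its networks, the function names and the reject text are constructed for illustration.

```python
import ipaddress
import sys

# Constructed policy table (assumption): sender domain -> permitted client networks.
ALLOWED = {
    "example.com": [ipaddress.ip_network("192.0.2.0/28")],
    "example.net": [ipaddress.ip_network("198.51.100.0/24"),
                    ipaddress.ip_network("2001:db8::/32")],
}

def parse_request(lines):
    """Read one policy request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs):
    """Return the access action for one request."""
    domain = attrs.get("sender", "").rpartition("@")[2].lower()
    nets = ALLOWED.get(domain)
    if nets is None:
        return "DUNNO"  # unrestricted domain or null sender: leave to later checks
    try:
        client = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        client = None   # unparsable address for a restricted domain: fail closed
    if client is not None and any(client in net for net in nets):
        return "DUNNO"
    return "REJECT sender domain not permitted from this client"

def main():
    # One connection can carry several requests; answer each with action=...
    while True:
        attrs = parse_request(sys.stdin)
        if not attrs:
            break
        sys.stdout.write(f"action={decide(attrs)}\n\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

Returning DUNNO rather than OK for a matching client keeps the remaining smtpd restrictions (relay control, RBLs and so on) in effect for that message.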