Viktor Dukhovni: > On Sun, Feb 07, 2021 at 05:33:10PM +0100, Marek Kozlowski wrote: > > > Presumably it's my fault but I cannot find such an option. If so - thank > > you for directing me to it. I'm wondering if it possible to limit > > incoming mail with '...@somedomain.tld' specified as a sender address*) > > to IPs belonging from some CIDR ranges: > > - if addresses from the ranges belong to 'somedomain.tld'? > > - if addresses from the ranges and 'somedomain.tld' A records don;t > > cover the same sets of hosts? > > A policy service can inspect the full combinatio of: > > - client IP address > - EHLO name > - envelope sender > - envelope recipient > - ... > > http://www.postfix.org/SMTPD_POLICY_README.html > > You can then return "DUNNO" or "REJECT ..." as you see fit.
Have a look at https://www.postfwd.org/ Wietse > You can also use restriction classes if the number of sets of > permitted address blocks (across all senders) is not too large. > > main.cf: > smtpd_restriction_classes = > check_cidr1, > check_cidr2, > ... > > cidr = cidr:${config_directory}/ > check_cidr1 = check_client_access ${cidr}cidr1 > check_cidr2 = check_client_access ${cidr}cidr2 > ... > > sender_access: > send...@example.com check_cidr1 > send...@example.net check_cidr2 > ... > > cidr1: > 192.0.2.1 OK > 0.0.0.0/0 REJECT ... > > cidr2: > 192.0.2.2 OK > 0.0.0.0/0 REJECT ... > > ... > > -- > Viktor. >
