I have a similar setup in the works (the external spam filtering
hasn't been engaged yet, so I haven't tested this).
I'm thinking smtpd_client_restrictions would do the job, like so (the
excerpts are from main.cf):

smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    check_client_access hash:$config_directory/tables/client_access_maps
    reject

I've set the other restrictions as follows (but limiting mail
reception only to a set of about five IPs is enforced by
smtpd_client_restrictions; the allowed IPs are defined in
client_access_maps table; local and SASL authenticated are allowed
also so that it's possible for the users of the system to send mail).

smtpd_helo_restrictions =
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    permit_mynetworks
    permit_sasl_authenticated
    reject_unknown_helo_hostname

smtpd_etrn_restrictions =
    permit_mynetworks
    reject

smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unverified_recipient
    check_recipient_access pcre:$config_directory/tables/pcre_access_maps
    permit_mynetworks
    permit_sasl_authenticated
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_unauth_destination

smtpd_data_restrictions =
    reject_multi_recipient_bounce
    reject_unauth_pipelining

---
Ville