Hi.
Recently one of our clients asked us to create some internal distribution lists and to protect them from external access. We implemented this as recommended in http://www.postfix.org/RESTRICTION_CLASS_README.html#internal. The matching Postfix configuration options are:

--- main.cf ---
smtpd_restriction_classes = insiders_only
insiders_only = check_sender_access mysql:/etc/postfix/insiders.cf, reject

smtpd_recipient_restrictions = ..., check_recipient_access mysql:/etc/postfix/protected_destinations.cf, ...

--- insiders.cf ---
hosts = localhost
user = mail
password = password
dbname = mail
query = SELECT 1 FROM `insiders` WHERE `address`='%s'

--- protected_destinations.cf ---

hosts = localhost
user = mail
password = password
dbname = mail
query = SELECT 'insiders_only' FROM `lists` WHERE CONCAT(`listName`,'@list.domain')='%s' limit 1

---

It is working just fine. But the table `lists` actually has several lists, and it would be better for each list to have its own "insiders" set (currently we have one set, which is shared by these lists). I can add another field to the `insiders` table, indicating which list the record was created for, but how do I make Postfix query the lookup table with two keys - sender address and recipient address - simultaneously, to have a true ACL? Or can it add restriction classes on the fly, with their definitions in the database or at least in some external file, instead of putting records like "insiders_only = ..." into the main.cf file?

Nikita
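
The two-key decision asked about above, sketched as an added example that is not part of the original post and not Postfix code. It assumes the check runs in a Postfix policy delegation service (`check_policy_service`), which receives `sender` and `recipient` together as name=value lines; the `listName` column in `insiders`, the sample rows and the function names are hypothetical, and SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3

LIST_DOMAIN = "list.domain"  # domain from the post's protected_destinations.cf query

def build_db():
    """Constructed sample data; insiders.listName is the extra field the post proposes."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE lists (listName TEXT PRIMARY KEY);
        CREATE TABLE insiders (address TEXT, listName TEXT);
        INSERT INTO lists VALUES ('staff'), ('finance');
        INSERT INTO insiders VALUES
            ('alice@example.com', 'staff'),
            ('alice@example.com', 'finance'),
            ('bob@example.com', 'staff');
    """)
    return db

def parse_request(text):
    """Parse one policy request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(db, attrs):
    """Return the policy reply for one RCPT TO, keyed on sender AND recipient."""
    sender = attrs.get("sender", "").lower()  # empty for the null sender <>
    local, _, domain = attrs.get("recipient", "").lower().rpartition("@")
    if domain != LIST_DOMAIN:
        return "action=DUNNO\n\n"  # not a list address: leave it to later restrictions
    # Bound parameters: both addresses come from the SMTP client.
    if not db.execute("SELECT 1 FROM lists WHERE listName = ?", (local,)).fetchone():
        return "action=DUNNO\n\n"
    row = db.execute("SELECT 1 FROM insiders WHERE address = ? AND listName = ?",
                     (sender, local)).fetchone()
    if row:
        return "action=DUNNO\n\n"  # allowed here; remaining restrictions still apply
    return "action=REJECT Not authorized to post to this list\n\n"

if __name__ == "__main__":
    request = "request=smtpd_access_policy\nsender=bob@example.com\nrecipient=finance@list.domain\n\n"
    print(decide(build_db(), parse_request(request)), end="")
```

The envelope sender is supplied by the client, so this filters by claimed address and does not authenticate the poster.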