Nikita Kipriyanov a écrit : > Hi. > Recently one of our clients asked to create some internal distribution > lists and to protect them from external access. We implemented this as > recommended in the > http://www.postfix.org/RESTRICTION_CLASS_README.html#internal. The > matching Postfix configuration options are: > > --- main.cf --- > smtpd_restriction_classes = insiders_only > insiders_only = check_sender_access mysql:/etc/postfix/insiders.cf, reject > > smtpd_recipient_restrictions = ..., check_recipient_access > mysql:/etc/postfix/protected_destinations.cf, ... > > --- insiders.cf --- > hosts = localhost > user = mail > password = password > dbname = mail > query = SELECT 1 FROM `insiders` WHERE `address`='%s' > > --- protected_destinations.cf --- > > hosts = localhost > user = mail > password = password > dbname = mail > query = SELECT 'insiders_only' FROM `lists` WHERE > CONCAT(`listName`,'@list.domain')='%s' limit 1 > > --- > > It is working just fine. But, the table `lists` actually has several > lists, and it will be better for each list to have its own "insiders" > set (currently we have one set, which is shared by these lists). I can > add another field to the `insiders` table, indicating, for which list is > this record was created, but how to make Postfix query the lookup table > with two keys - sender address and recipient address - simultaneously,
not possible. postfix checks use a single field. if you need multiple fields, use a policy service. > to have a true ACL? Or, can it add restriction classes on the fly, with > their definitions in the database or at least in some external file, > instead of putting records like "insiders_only = ..." into main.cf file? > > Nikita >
