Stefan Palme:
> On Wed, 2008-11-12 at 09:22 -0500, Wietse Venema wrote:
> > Stefan Palme:
> > > Hi all,
> > >
> > > I have something like this in my main.cf:
> > >
> > > smtpd_recipient_restrictions =
> > > reject_non_fqdn_sender,
> > > reject_non_fqdn_recipient,
> > > reject_unknown_sender_domain,
> > > reject_unknown_recipient_domain,
> > > permit_mynetworks,
> > > permit_sasl_authenticated,
> > > reject
> > >
> > > This is a mail server used only as outgoing SMTP server,
> > > either for local hosts (which is only 127.0.0.1) and
> > > a list of authenticated users.
> > >
> > > Now I want a special authenticated user to be allowed to send
> > > mails with an "unknown recipient domain". Is this possible?
> >
> > The simple approach is to put permit_mynetworks BEFORE the other
> > restrictions.
> >
> > The ugly approach is to replace the above by:
> >
> > /etc/postfix/main.cf:
> > smtpd_client_restrictions =
> > check_client_access pcre:/etc/postfix/client_access
> >
> > smtpd_recipient_restrictions =
> > permit_mynetworks
> > permit_sasl_authenticated
> > reject
> >
> > /etc/postfix/client_access:
> > /^1\.2\.3\.4$/ dunno
> > /./ reject_non_fqdn_sender, ..,
> > reject_unknown_recipient_domain
> >
>
> Thanks to all of you.
>
> @Wietse: the main point is, that I don't want a certain CLIENT (=IP
> address) to be allowed to send to invalid domains, but a certain USER
> (identified by SASL-auth).
> For all "normal" users the domain check should be enabled, only one
> special user will be allowed to try to send to "invalid domains"...
If you know the SASL login, surely you also know the sender address.
Wietse
