D. Karapiperis a écrit :
> I did the from_inside_network thing to do the logical AND regarding the
> sending domain.
A "logical AND" can be replaced by a sequence. and a sequence is easier
to manage (in the mind, on paper, ...).
> Is there any way to do this woth permit_mynetworks?
>
to do what? I already posted a config that answers your need. here it is
again:
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/outbound_sender
reject_unauth_destination
== outbound_sender
example.com OK
> Is there any way to permit local users (from the inside network) to send
> emails using the business domain in a clear and nice way in postfix?
>
I guess you mean implement something like:
if (client is in mynetworks) then sender must be in *...@example.com
this can be written as:
if ((client is in mynetworks) and (sender is not in *...@example.com)) then
reject
which in turn can be restated as a sequence:
1- if sender is *...@example.com, then pass
2- if client is in mynetworks, then reject
and this is easily implemented with:
smtpd_client_restrictions =
check_sender_access hash:/etc/postfix/allow_our_domain
check_client_access hash:/etc/postfix/reject_mynetworks
== allow_our_domain
example.com OK
== reject_mynetworks
10.1.2.0/24 REJECT you must use an address in @example.com
if you already have checks under smtpd_client_restrictions, then use
smtpd_helo_restrictions or smtpd_sender_restrictions (whichever is
empty). but don't use smtpd_recipient_restrictions (it is possible, but
an error there makes you an open relay). if no restriction is empty,
you'll need restriction classes. if it's the case, show your full config
(all restrictions and restriction classes).
<note>
while you could use a single map for both "reject_mynetworks" and
mynetworks, it is not wise (as I said before, one day, you will edit
something and the world will break all of a sudden). better use a script
to generate both files from a single source file (you can use a Makefile
that you could use for other map mgmt tasks).
</note>
