Victor Duchovni:
> On Tue, Dec 30, 2008 at 12:38:38PM -0500, Wietse Venema wrote:
>
> > For example
> >
> > /etc/postfix/main.cf:
> > smtpd_sender_restrictions =
> > check_sender_access hash:/etc/postfix/sender_access
> > check_client_access pcre:/etc/postfix/client_access.pcre
> >
> > hash:/etc/postfix/sender_access
> > example.com permit
> >
> > /etc/postfix/client_access.pcre
> > 192.168.0.0/24 reject must send mail as u...@example.com
>
> Note the "typo", Wietse meant "cidr:" but the fingers typed "pcre:".
Indeed.
Since he asked for a "nice" way to specify this in Postfix, a "nice"
implementation of this would look like this:
/etc/postfix/main.cf:
smtpd_sender_restrictions = permit_mydomain, reject_mynetworks
Where the details are hidden by restriction classes:
/etc/postfix/main.cf:
restriction_classes = permit_mydomain, reject_mynetworks
permit_mydomain = check_sender_access hash:/etc/postfix/sender_access
reject_mynetworks = check_client_access cidr:/etc/postfix/client_access.cidr
hash:/etc/postfix/sender_access
example.com permit
/etc/postfix/client_access.cidr
192.168.0.0/24 reject must send mail as u...@example.com
Note that moving this into smtpd_recipient_restrictions would
make this an open relay, as anyone can claim to have a sender
address in your domain.
Wietse
