Hi,

I have a question about using smtpd_sender_logins_map,
reject_sender_login_mismatch and check_client_access.

I set smtpd_sender_logins_map and set these rules in sender
restrictions:

smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/access,
        check_client_access cidr:/etc/postfix/access_client,
        reject_sender_login_mismatch,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unauth_pipelining,
        permit


The file /etc/postfix/access_client contains the IP addresses that I
permit to pass the reject_sender_login_mismatch rule.

But I have a question about this.

In this case these IPs can use my email address to send messages to me.
I don't want this to be possible. I want to permit the IPs, but I also
want them to be allowed to send mail only if they do so from a specific
domain, for example @igdomain.com. So, I need to filter mail sending not
only by IPs, but by domain name at the same time - even if an IP is
permitted in /etc/postfix/access_client, it still should not be able to
send mail if the sender domain is different from @igdomain.com.

This is an example:

Let's say that we have permitted this IP in access_client: 198.236.125.7
and I have 2 domains that I manage emails for:
domain1.com
domain2.com

Let's say that we have 2 email addresses, one per domain.
an...@domain1.com
i...@domain2.com

The current situation with only a permitted IP address is this:

This IP connects to my mail server and sends to an...@domain1.com or
i...@domain2.com a message from i...@domain2.com and/or an...@domain1.com
without requiring authentication.

It can use both e-mail addresses in MAIL FROM and it can send spam.

I want to achieve the following:

I permit this IP in the access_client file and it connects.
And we have 2 conditions:

1. If it tries to send email to an...@domain1.com or i...@domain2.com
using an...@domain1.com in the MAIL FROM field, then it must be rejected,
because it is not authenticated and I don't want this IP to use my email
address to send a message to me or someone else in my system.

2. If it tries to send email to an...@domain1.com or i...@domain2.com
using i...@domain2.com in the MAIL FROM field, then this should be allowed
(permitted) and in this situation it should pass the
reject_sender_login_mismatch rule and send the message successfully.


I suppose it is almost clear :)

Is it possible for this to be realized, and how?


Thanks in advance!
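
The policy asked for above can be expressed with a Postfix restriction class; this is an added example, not part of the original post. The class name trusted_ip_sender_check and the file /etc/postfix/trusted_ip_senders are hypothetical, and the "before" entry in access_client is assumed from the description of that file.

```conf
# --- /etc/postfix/main.cf ---
# Restriction class (hypothetical name) applied only to listed client IPs.
smtpd_restriction_classes = trusted_ip_sender_check

# Returns OK when the envelope sender is in the allowed domain. Any other
# sender gets no match (DUNNO), so evaluation continues with the next rule
# in smtpd_sender_restrictions, which is reject_sender_login_mismatch.
trusted_ip_sender_check =
        check_sender_access hash:/etc/postfix/trusted_ip_senders

smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/access,
        check_client_access cidr:/etc/postfix/access_client,
        reject_sender_login_mismatch,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unauth_pipelining,
        permit

# --- /etc/postfix/access_client (cidr table) ---
# Before (assumed current entry): OK skips every later sender check for
# this IP, whatever address it puts in MAIL FROM.
#198.236.125.7/32    OK
# After: hand the decision to the restriction class instead of permitting.
198.236.125.7/32     trusted_ip_sender_check

# --- /etc/postfix/trusted_ip_senders (hash table, hypothetical path) ---
# Rebuild the lookup table with: postmap /etc/postfix/trusted_ip_senders
igdomain.com         OK
```

An OK from the class ends only smtpd_sender_restrictions; relay and recipient restrictions still apply to the listed IP. MAIL FROM is not authenticated, so this narrows what the IP may claim as sender but does not prove who sent the message.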

