aio shin a écrit :
> hi list,
>
> I need help on this scenario that I want to accomplish.
> ex: I have the ff:
> us...@mydomain.com
> us...@mydomain.com
> my mail server is : 192.168.1.254
>
> -I have other network which is 192.168.10.0/24 which I included at mynetwork.
>
> -I need that us...@mydomain.com can send only from IP 192.168.10.21
> using my mailserver, other than that, user1 should be denied relaying.
>
This is an unusual requirement. What problem are you trying to solve?
Why do you care about the IP? Better use SASL...
Anyway, you can achieve this using restriction classes
http://www.postfix.org/RESTRICTION_CLASS_README.html
smtpd_restriction_classes =
...
only_from_192_168_10_21
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/access123
only_from_192_168_10_21 =
check_client_access cidr:/etc/postfix/192.168.10.21.cidr
=== 192.168.10.21.cidr
192.168.10.21 DUNNO
0.0.0.0/0 REJECT blah blah
== access123
us...@mydomain.example only_from_192_168_10_21
but this does not scale. if you want to scale, you need a policy service
> -user2 should be able to send from 192.168.10.0/24 by relaying to my
> mail server (192.168.1.254)
>
By default, all users sending from mynetworks are allowed relay. so you
don't need to do anything.
if sending from outside, then do not rely on the sender for relay
authorization. The sender address is eaisly forged.
> any idea how to accomplish?
>
> currently Im searching postfix docs related to sender restriction but
> no success yet.
