Thx for the reply. > While it was intended, no doubt, to be very wrong, it failed. Lacking > a valid CIDR expression, that only matches the single IPv4 address of > 0.0.0.0, which, having special meaning in networking, is unroutable. > A setting of equivalent functionality is "mynetworks =". > > The OP would be well advised to review the BASIC_CONFIGURATION_README, > listing in $mynetworks the client networks which should be allowed to > relay. I read all the postfix docs I could find...
> If the OP does not wish to allow any to relay on the basis of IP > address unless using a "local sender", as the $SUBJECT suggests, the > solution is pretty simple. > > main.cf : > mynetworks = real.IP.add.ress/CIDR[, ...] > smtpd_recipient_restrictions = reject_unlisted_sender, > permit_mynetworks, permit_sasl_authenticated, > reject_unauth_destination[, ...] This did not seem to work as expected. >> don't know if using smtpd_reject_unlisted_sender would prevent >> anything going wrong here, but this is likely to make you an open >> relay. > > If the wrong thing had been done correctly ;) I think this would have > worked too, that is, if I understood the OP's goal correctly. I'm using a virtual transport for all my mail. With local mail I meant all mail that goes through this transport. To verify the 'local' users I use LDAP. It contains all my users and their email addresses. So basically, what my 'ideal' configuration would offer If someone from a none private IP (or localhost) tries to send a mail it is required to have a recipient that is part of the service that offers the virtual transport (this way internal people can send to each other and to people outside the interna; environment. When someone from a public IP tries to send a mail it is required that the sender is an unkown address and the recipient is known. This (I believe) can be resolved by using either two instances. or some sort of policy daemon. What I currently don't know is how I would go about and resolve this. I hope I have clarified any euhh... unclarities Thanks a lot! Regards, Serge Fonville -- http://www.sergefonville.nl Convince Google!! They need to support Adsense over SSL https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=10528 http://www.google.com/support/forum/p/AdSense/thread?tid=1884bc9310d9f923&hl=en
