OK, well, for now I have decided not to allow connections from outside my internal network. But I was really surprised that I can't fully work with the different kinds of client identification information.
Where can I write a "feature request"?))) It would be good to add state values (something like $is_from_mynetwork, $is_sasl_authenticated, $has_valid_certificate and so on) to the Postfix configuration, and to add the ability to use logical operations with these variables to decide permit, reject, defer, etc. Something like:

    smtpd_recipient_restrictions =
        is_from_mynetwork AND is_sasl_authenticated THEN permit
        reject_unauth_destination

2010/2/12 Ralf Hildebrandt <ralf.hildebra...@charite.de>

> * Ralf Hildebrandt <ralf.hildebra...@charite.de>:
> > * Неворотин Вадим <nevoro...@gmail.com>:
> > > Mmm... Unfortunately, I can't understand how to combine
> > > permit_sasl_authenticated and permit_tls_clientcerts with access_maps.
> >
> > You can't, since both return PERMIT
>
> One idea would be to use a policy daemon. The daemon can retrieve
> authentication and SSL info from postfix
>
> --
> Ralf Hildebrandt
> Geschäftsbereich IT | Abteilung Netzwerk
> Charité - Universitätsmedizin Berlin
> Campus Benjamin Franklin
> Hindenburgdamm 30 | D-12203 Berlin
> Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
> ralf.hildebra...@charite.de | http://www.charite.de
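The policy daemon suggested in the quoted reply can express the "internal network AND SASL authenticated" rule from this message. The sketch below is an added example, not code from either poster or from Postfix; it speaks the Postfix policy delegation protocol (name=value lines, an empty line ends the request, the reply is `action=...`), and the network ranges and function names are assumptions.

```python
"""Postfix policy delegation sketch: permit only internal AND SASL-authenticated clients."""
import ipaddress
import sys

# Assumption: constructed example ranges; replace with your own internal networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def parse_request(block):
    """Turn one policy request (name=value lines) into a dict."""
    attrs = {}
    for line in block.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def is_internal(address):
    """True only for a well-formed address inside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False  # a missing or malformed address never counts as internal
    return any(ip in net for net in INTERNAL_NETS)

def decide(attrs):
    """Return the policy action for one parsed request."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    from_mynetwork = is_internal(attrs.get("client_address", ""))
    # Postfix sends sasl_username empty when the client did not authenticate.
    sasl_authenticated = bool(attrs.get("sasl_username"))
    if from_mynetwork and sasl_authenticated:
        return "OK"
    return "DUNNO"  # no opinion: the restrictions listed after the policy check decide

def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests on stdin/stdout, as when run from spawn(8)."""
    block = []
    for line in stream_in:
        line = line.rstrip("\n")
        if line:
            block.append(line)
            continue
        stream_out.write("action=%s\n\n" % decide(parse_request("\n".join(block))))
        stream_out.flush()
        block = []

if __name__ == "__main__":
    serve()
```

Referenced with `check_policy_service` ahead of `reject_unauth_destination` in `smtpd_recipient_restrictions`, the `OK` result permits the recipient and `DUNNO` leaves the decision to the restrictions that follow.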