Back in August several people helped me with the problem linked here:
http://www.mail-archive.com/postfix-users@postfix.org/msg26629.html
It was almost what I needed, but I didn't completely understand what I was
asking for at the time, and the configuration is causing problems. I need to
implement some further restrictions and can't figure out how to do it. The
current restrictions in my main.cf look like this:
smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/client_access
check_sender_access hash:/etc/postfix/sender_access
check_recipient_access hash:/etc/postfix/recipient_access
check_client_access static:discard
reject_unauth_destination
An unintended consequence is that any address that is allowed as a sender is
allowed to relay to anyone, even invalid addresses. I need to be able to
specify a very small subset of valid addresses as recipients, based on who the
sender is, and discard all the others. Since this setup is "first-match-wins",
the relay doesn't evaluate anything past check_sender_access. I need it to
evaluate sender, and if the sender is allowed, discard any recipient address
that isn't explicitly allowed. I tried blacklisting the addresses I knew to,
and that worked, but new and/or invalid addresses keep turning up in the test
code, and the blacklist has become unmanageable.
I need a way to implement "check_sender_access_AND_check_recipient_access". I
assume Noel anticipated that need when he talked about using
"smtpd_restriction_classes for multiple-factor tests", but reading the
documentation didn't shed any light on how to implement in this situation. Can
anyone help turn back the darkness?
