On Thu, Dec 30, 2010 at 01:45:57PM -0600, michael.lar...@wellsfargo.com wrote:

> Thanks for trying to help, Viktor, but I don't think this configuration will
> work for me. Let me try to explain; when I made my original post, others on 
> the list were somewhat surprised regarding my intent.
> 
> This relay isn't so much a relay as a choke point. The test network I support 
> is subject to tight quotas regarding traffic on the corporate email system. I 
> need all mail discarded unless it meets the following conditions:
> 
>       All mail relays for hosts listed in client_access

        Best enforced in smtpd_client_restrictions.

>       Mail from hosts not listed in client_access is subject
>       to sender/recipient restrictions

        Best enforced via suitable and separate smtpd_sender_restrictions
        and smtpd_recipient_restrictions.

>       If a sender is allowed (rare), recipients are evaluated,
>       and either relayed (even rarer) or discarded

That's exactly what the configuration I posted does. What about
the configuration below fails to meet your requirements?

> Your problem is almost certainly best solved by using each of the
> multiple restriction lists to check each of the required conditions.
> 
>       cidr = cidr:${config_directory}/
>       indexed = ${default_database_type}:${config_directory}/
> 
>       smtpd_client_restrictions =
>           check_client_access ${cidr}allowed-clients,
>           check_client_access static:discard
> 
>       smtpd_sender_restrictions =
>           check_sender_access ${indexed}allowed-senders,
>           check_client_access static:discard
> 
>       smtpd_recipient_restrictions =
>           check_recipient_access ${indexed}allowed-recipients,
>           check_client_access static:discard,
>               #
>               # At least one reject by default rule is required in
>               # smtpd_recipient_restrictions, defeat the logic by
>               # listing permit, then reject. In reality permit = discard.
>               #
>           permit, reject
> 
> With this all mail is discarded unless all the conditions below are met:
> 
>     - From an allowed SMTP client (IP address CIDR table)
>     - From an allowed envelope sender (indexed via postmap lookup table)
>     - To an allowed envelope recipient (indexed via postmap lookup table)

-- 
        Viktor.
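
The decision logic of the three restriction lists above, as an added example that is not part of the original message and not Postfix code: a simplified Python model in which the table contents, addresses and function names are constructed for illustration. It assumes a table hit returns OK and ends that list, while a miss falls through to static:discard and the message stays discarded.

```python
import ipaddress

# Constructed table contents (assumptions; the thread does not show the real tables).
ALLOWED_CLIENTS = ["192.0.2.0/24", "198.51.100.17/32"]   # models cidr:allowed-clients
ALLOWED_SENDERS = {"build@test.example"}                  # models allowed-senders
ALLOWED_RECIPIENTS = {"oncall@corp.example"}              # models allowed-recipients


def client_lookup(ip):
    """CIDR table lookup: OK if the client address is inside any listed network."""
    addr = ipaddress.ip_address(ip)
    hit = any(addr in ipaddress.ip_network(net) for net in ALLOWED_CLIENTS)
    return "OK" if hit else None


def indexed_lookup(table, address):
    """Full-address lookup only; keys are lower-cased here as a modelling choice."""
    return "OK" if address.lower() in table else None


def evaluate(client_ip, sender, recipient):
    """Return (verdict, deciding_stage) for one SMTP transaction.

    Each list is modelled as: table lookup, then static:discard.
    Only a message that gets OK in all three lists is relayed.
    """
    stages = [
        ("client", client_lookup(client_ip)),
        ("sender", indexed_lookup(ALLOWED_SENDERS, sender)),
        ("recipient", indexed_lookup(ALLOWED_RECIPIENTS, recipient)),
    ]
    for name, result in stages:
        if result != "OK":
            return ("discard", name)   # fell through to static:discard
    return ("relay", None)


if __name__ == "__main__":
    # Constructed sample transactions.
    samples = [
        ("192.0.2.10", "build@test.example", "oncall@corp.example"),
        ("203.0.113.5", "build@test.example", "oncall@corp.example"),
        ("192.0.2.10", "other@test.example", "oncall@corp.example"),
        ("198.51.100.17", "build@test.example", "someone@corp.example"),
    ]
    for s in samples:
        print(s, "->", evaluate(*s))
```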
