On 07/02/2011 19:18, Nikolaos Milas wrote:
> OK Brian,
>
> Per your advice, I modified it as below:
>
> smtpd_restriction_classes = allowed_list1
> allowed_list1= check_client_access cidr:/etc/postfix/client.cidr,reject
> smtpd_recipient_restrictions =
>
> hash:/etc/postfix/protected_destinations,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
>

avoid using obsolete "notation". specify the check_*_access explicitly.

smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/protected_destinations
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination

>
> and I found it works fine!
>
> I only must reload postfix ("service postfix reload") in case of any
> changes in the client.cidr file.

or you can wait and the new file will be loaded when a new smtpd is spawned.

>
> It seems this set of settings is safe for mail server operation (of
> course it won't avoid IP spoofing).
>
> By the way, I was thinking, would there be a way to restrict access to
> mail addresses based on *particular* authenticated users? The idea is: a
> user is trying to connect to our SMTP (postfix) to send email to
> ali...@example.com (which we want to control access to). He is
> authenticated by postfix as userY using SASL over our LDAP server (we
> are using virtual accounts only). Can I setup some
> "smtp_restriction_classes" based on authenticated usernames (for example
> a check_client_access lookup table saying userY OK)? I haven't been able
> to locate a similar subject in the documentation (except of course
> permit_sasl_authenticated which applies to all such users at the same
> time).
>
> Thanks very much,
> Nick
>
>
> On 7/2/2011 7:37 PM, Brian Evans - Postfix List wrote:
>>
>>> But, could I have used "allowed_list1= check_client_access
>>> cidr:/etc/postfix/client.cidr,reject" ? Is this feasible?
>>>
>> Yes
>>
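
The evaluation order discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (not Postfix code) of how the explicit smtpd_recipient_restrictions list and the allowed_list1 class decide one RCPT TO. The table contents, the addresses and the LOCAL_DOMAINS stand-in for reject_unauth_destination are constructed assumptions.

```python
import ipaddress

# Constructed table contents; the thread does not show these files.
CLIENT_CIDR = [("192.0.2.0/24", "OK")]                  # client.cidr
PROTECTED = {"protected@example.com": "allowed_list1"}  # protected_destinations
MYNETWORKS = ["127.0.0.0/8", "198.51.100.0/24"]         # assumed mynetworks
LOCAL_DOMAINS = {"example.com"}  # stand-in for domains Postfix accepts mail for


def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def check_client_access(ip):
    """cidr tables are searched in file order; the first match wins."""
    for net, action in CLIENT_CIDR:
        if in_nets(ip, [net]):
            return action
    return "DUNNO"  # no match: fall through to the next restriction


def allowed_list1(ip):
    """allowed_list1 = check_client_access cidr:..., reject"""
    return "permit" if check_client_access(ip) == "OK" else "reject"


def rcpt_decision(client_ip, rcpt, sasl_user=None):
    """Walk smtpd_recipient_restrictions in order; first decision is final."""
    rcpt = rcpt.lower()
    if PROTECTED.get(rcpt) == "allowed_list1":        # check_recipient_access
        return allowed_list1(client_ip) + " (allowed_list1)"
    if sasl_user:                                     # permit_sasl_authenticated
        return "permit (sasl)"
    if in_nets(client_ip, MYNETWORKS):                # permit_mynetworks
        return "permit (mynetworks)"
    if rcpt.rpartition("@")[2] not in LOCAL_DOMAINS:  # reject_unauth_destination
        return "reject (relay)"
    return "permit (end of list)"


if __name__ == "__main__":
    for args in [("192.0.2.10", "protected@example.com"),
                 ("203.0.113.5", "protected@example.com", "userY"),
                 ("203.0.113.5", "someone@example.org", "userY"),
                 ("203.0.113.5", "someone@example.org")]:
        print(args, "->", rcpt_decision(*args))
```

Because the class ends in reject and is consulted first, a SASL-authenticated or mynetworks client outside client.cidr is still refused for the protected address.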