Munroe Sollog:
> In an attempt to work around existing infrastructure, I am trying
> to restrict, by sender domain, what mail is accepted from certain
> IPs. My thought at the moment is the lookup would look something
> like:
>
> ip.add.re.ss domain1.com, domain2.com
This, of course, works only for a small number of domains that you
are intimately familiar with.
If this were implemented with Postfux built-ins it would involve
recursive access maps, which Postfix does not support, but there
is a workaround called restriction_classes that could do the job
but it gets ugly quickly as the example below illustrates.
If you control the sender domains, using SPF would be simpler.
Wietse
Docs: http://www.postfix.org/RESTRICTION_CLASS_README.html
Untested example:
/etc/postfix/main.cf:
restriction_classes = require_domain1_ip require_domain2_ip ...
require_domain1_ip =
check_client_access hash:/etc/postfix/domain1_ip_access
require_domain2_ip =
check_client_access cidr:/etc/postfix/domain2_ip_access.cidr
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/sender_access
/etc/postfix/sender_access:
domain1.com require_domain1_ip
domain2.com require_domain2_ip
/etc/postfix/domain1_ip_access
1.2.3.4 OK
1.2.3.5 OK
/etc/postfix/domain2_ip_access.cidr
4.3.2.0/24 OK
Again, totally untested.
