I've got a situation where some clients on my network apparently have computers that have been compromised because every time they change their password, spammers on the outside get it and use their email account to spam.
I've got the server right now configured to only allow users within my network to send e-mail, so that particular problem is under control, but this necessarily means that users OUTSIDE my network cannot relay, even if they sasl-auth. In looking through the documentation and readmes, I've come across the smtpd_client_restrictions setting, and the check_client_access clause. Am I right in guessing that if I do something like the following: smtpd_sender_restrictions = permit_mynetworks, check_sender_access mysql:/etc/postfix/mysql_sender_access.cf, permit_sasl_authenticated, reject; where check_sender_access returns 'dunno' for 'trusted' clients and 'no' for 'untrusted' clients, that the result will be to fall through to permit_sasl_auth for the 'trusted' clients and fail entirely for the 'untrusted' clients who are OUTSIDE, but still permit normal relay for clients who are INSIDE? Thanks in advance for your help. Chris
