On 2/21/2012 10:55 AM, Harakiri wrote:
>
>
> --- On Tue, 2/21/12, Noel Jones <njo...@megan.vbhcs.org> wrote:
>
>> From: Noel Jones <njo...@megan.vbhcs.org>
>> Subject: Re: check_sender_access only for "outbound" mails e.g. those that
>> are in mynetworks
>
>> something like:
>>
>> # /etc/postfix/mynetworks.cidr
>> 127.0.0.0/8  OK   {or check_local_sender depending on
>> what you want}
>> 192.168.0.0/16  check_local_sender
>>
>> # main.cf
>> mynetworks = cidr:/etc/postfix/mynetworks.cidr
>>
>> smtpd_restriction_classes = check_local_sender
>>
>> check_local_sender = check_sender_access ldap:whatever,
>>   reject
>>
>> smtpd_sender_restrictions =
>>   check_client_access
>>   cidr:/etc/postfix/mynetworks.cidr
>>
>> (no changes to smtpd_recipient_restrictions needed)
>
> But with check_local_sender and the final action "reject" wouldn't this also
> be executed for inbound mails? And since I cannot simply specify ALL unknown
> IP addresses in mynetworks to say "OK" - this would basically reject all
> inbound messages.
>
> As far as I understood, for non-mynetwork IP addresses the
> check_sender_access would return nothing (but it would need to return OK) -
> hence the final action "reject" is executed now.

The sample setup is correct. If the client IP is not listed in the mynetworks.cidr, then check_local_sender is never performed.

End result is the sender address is only enforced for IPs listed in mynetworks. External (unlisted) IPs can use whatever sender they want and are not checked.

-- Noel Jones
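
The evaluation order described in this reply, as a simplified model added here for illustration (it is not code from the thread or from Postfix). The sender table stands in for the `ldap:whatever` lookup, and its address and the client IPs used with it are constructed.

```python
import ipaddress

# Constructed stand-in for /etc/postfix/mynetworks.cidr (first match wins).
MYNETWORKS_CIDR = [
    ("127.0.0.0/8", "OK"),
    ("192.168.0.0/16", "check_local_sender"),
]

# Constructed stand-in for the ldap:whatever sender table.
SENDER_TABLE = {"alice@example.com": "OK"}


def check_client_access(client_ip):
    """Return the action of the first matching CIDR pattern, else DUNNO."""
    addr = ipaddress.ip_address(client_ip)
    for net, action in MYNETWORKS_CIDR:
        if addr in ipaddress.ip_network(net):
            return action
    return "DUNNO"  # unlisted client: this restriction has no opinion


def check_sender_access(sender):
    """Return the table result for the sender, else DUNNO."""
    return SENDER_TABLE.get(sender, "DUNNO")


def check_local_sender(sender):
    """Restriction class: check_sender_access ldap:whatever, reject."""
    result = check_sender_access(sender)
    if result != "DUNNO":
        return result
    return "REJECT"  # the trailing 'reject' in the class


def smtpd_sender_restrictions(client_ip, sender):
    """Evaluate: check_client_access cidr:/etc/postfix/mynetworks.cidr."""
    action = check_client_access(client_ip)
    if action == "check_local_sender":
        # Only clients mapped to the class ever reach the sender check.
        return check_local_sender(sender)
    # OK ends this list; DUNNO means the list ran out with no decision, so
    # the message moves on to the remaining restriction lists unchecked.
    return action
```

A `DUNNO` result for an external client means the class, and therefore its final `reject`, was never evaluated for that connection.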