On 9/19/2012 10:05 PM, Brock Henry wrote: > I can't work out the combination of rules that will give me what I want. > > What I want. > 1) non sasl, incoming mail permitted, and seen by checkfull. > 2) non sasl, outgoing mail (from inside) permitted, not seen by > checkfull. > 3) non sasl, outgoing mail (from outside) rejected (not be an open > relay, obviously) > 4) sasl, outgoing permitted, not seen by checkfull > 5) sasl, incoming permitted, seen by checkfull
This is not solvable within normal postfix restrictions, and is exactly the reason the external policy protocol was invented. The check_policy_service must be listed first under smtpd_recipient_restrictions, and the policy service must return DUNNO for non-local domains without further checking. This means the policy service must either have its own list of local domains, or must have access to whatever data source postfix is using. -- Noel Jones
