Stan,

Thanks for the response. This does work; however, these clients are also able to send to domains outside my environment. Let me try to clarify my scenario.

Client: With PTR record = Full relay (internal & external domains)
Client: No PTR record = Relay for internal domains only

Is it possible to configure Postfix to support this type of configuration?

On Wed, Jan 23, 2013 at 5:38 AM, Stan Hoeppner <s...@hardwarefreak.com> wrote:

> On 1/22/2013 8:52 PM, Tom Tucker wrote:
> > I am struggling with a configuration that might be impossible. Hopefully
> > the list can help guide me.
> >
> > I want to allow internal systems the ability to relay emails to my domains
> > even though they might get caught with
> > 'reject_unknown_reverse_client_hostname'. Possible? If yes, I am unsure
> > how to configure smtpd_sender_restrictions and smtpd_recipient_restrictions
> > to support such.
> >
> > Current non-working configuration for this scenario
> > ------------------------------------------------------------------------
> > smtpd_sender_restrictions = permit_mynetworks,
> > reject_unknown_sender_domain, reject_non_fqdn_sender
> >
> > smtpd_recipient_restrictions = reject_unknown_reverse_client_hostname,
> > reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname,
> > reject_unauth_destination, reject_non_fqdn_recipient,
> > reject_unknown_recipient_domain, reject_unverified_recipient
>
> Don't specify the separate restriction classes. Put everything under
> smtpd_recipient_restrictions. This way you can manipulate the precise
> order of your restrictions. Remember, "first match wins". If you
> specify them separately you must put all permit actions at the start of
> each class section. Ergo each would need to start with
> "permit_mynetworks". Here's an example of the EURR method. There is no
> client, sender, or helo restriction section, only this:
>
> smtpd_recipient_restrictions =
>         permit_mynetworks
>         reject_unauth_destination
>         reject_unknown_reverse_client_hostname
>         reject_non_fqdn_sender
>         reject_non_fqdn_helo_hostname
>         reject_invalid_helo_hostname
>         reject_unknown_helo_hostname
>         reject_unlisted_recipient
>         ...
>
> Using this method, permit_mynetworks will match your local hosts before
> reject_unknown_reverse_client_hostname matches. First match wins, and
> you only have one class, so this solves your problem.
>
> --
> Stan
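The first-match evaluation discussed in this thread, as an added example that is not part of the original messages or of Postfix: a simplified Python model that runs both restriction lists quoted above for a client in mynetworks. The Session fields, the CHECKS table and the choice to treat every other restriction as passing are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:               # constructed model of one SMTP client + recipient
    in_mynetworks: bool      # client IP matches mynetworks
    has_ptr: bool            # client IP has a reverse (PTR) name
    rcpt_is_local: bool      # recipient domain is one the server is final/relay for

# Only the three restrictions that decide the outcome in this thread are modelled.
CHECKS = {
    "permit_mynetworks": lambda s: "PERMIT" if s.in_mynetworks else "DUNNO",
    "reject_unauth_destination": lambda s: "DUNNO" if s.rcpt_is_local else "REJECT",
    "reject_unknown_reverse_client_hostname": lambda s: "DUNNO" if s.has_ptr else "REJECT",
}

def evaluate(classes, session):
    """PERMIT ends only the current restriction class; REJECT ends everything."""
    for _class_name, restrictions in classes:
        for name in restrictions:
            # Assumption: unmodelled restrictions pass (well-formed HELO, sender, recipient).
            result = CHECKS.get(name, lambda s: "DUNNO")(session)
            if result == "REJECT":
                return "REJECT by " + name
            if result == "PERMIT":
                break
    return "ACCEPT"

# Tom's original two-class configuration, in Postfix's sender-then-recipient order.
ORIGINAL = [
    ("sender", ["permit_mynetworks", "reject_unknown_sender_domain", "reject_non_fqdn_sender"]),
    ("recipient", ["reject_unknown_reverse_client_hostname", "reject_non_fqdn_helo_hostname",
                   "reject_unknown_helo_hostname", "reject_unauth_destination",
                   "reject_non_fqdn_recipient", "reject_unknown_recipient_domain",
                   "reject_unverified_recipient"]),
]
# Stan's single-class list (the restrictions shown before his "...").
SINGLE = [("recipient", ["permit_mynetworks", "reject_unauth_destination",
                         "reject_unknown_reverse_client_hostname", "reject_non_fqdn_sender",
                         "reject_non_fqdn_helo_hostname", "reject_invalid_helo_hostname",
                         "reject_unknown_helo_hostname", "reject_unlisted_recipient"])]

def matrix(classes, in_mynetworks=True):
    """Outcome for every (has_ptr, rcpt_is_local) combination."""
    return {(ptr, local): evaluate(classes, Session(in_mynetworks, ptr, local))
            for ptr in (True, False) for local in (True, False)}

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("single class", SINGLE)):
        for key, verdict in matrix(cfg).items():
            print(label, "has_ptr=%s rcpt_is_local=%s ->" % key, verdict)
```

For a mynetworks client the single-class list accepts all four combinations, which matches the external relaying Tom reports in his reply.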