On Mon, 27 May 2013 23:27:40 +0200 Patrick Ben Koetter <p...@sys4.de> wrote
> * Benny Pedersen <m...@junc.eu>: > > Bogdan Enache skrev den 2013-05-27 21:38: > > > > >How should I define the restrictions so other users will not be > > >affected by this restriction, and where should I put them in the > > >config? > > You need to catch the sender address and route it into a dedicated filter > ruleset. Here's how you do it: > > The check_sender_access restriction below triggers the lookup to catch the > sender: > > smtpd_recipient_restrictions = > ... > check_sender_access hash:/etc/postfix/internal_senders > permit_mynetworks > reject_unauth_destination > ... > > In the map you list the senders that should be re-routed to the dedicated > filter ruleset: > > # /etc/postfix/internal_senders > restric...@example.com internal_only > > The rule above says to route restric...@example.com to a ruleset called > "internal_only". You need to define it, before you can add rules to it: > > smtpd_restriction_classes = > internal_only > > Now you can create the restriction class "internal_only" and add rules. They > are executed top to bottom - first match wins: > > internal_only = > check_recipient_access hash:/etc/postfix/internal_domains > reject > > In the map /etc/postfix/internal_domains you list all recipient domains the > sender should be permitted to send to. When you say "OK" you tell Postfix to > permit the senders request (send a message): > > # /etc/postfix/internal_domains > example.com OK > example.org OK > > If the recipient domain is not in /etc/postfix/internal_domains Postfix will > look for the next rule. In "internal_only" I wrote "reject". This is a static > action, which always is true if Postfix tests it. It gives you what you want. > Either the recipient domain is on /etc/postfix/internal_domains or the > request action (send a message) will be rejected. > > > this is solved with postfwd, but its possible to learn more with > > postfix :) > > Less tools rulez. ;) > > p@rick > This is an interesting issue. Would it be possible to implement the setting in conjuction with a REDIRECT action? In a way that would be transparent for the user: if the message is directed to a local domain -> OK, if it isn't then -> REDIRECT Chris
