On 6/6/2013 4:02 AM, Feel Zhou wrote: > Thanks for all > I have read the document > http://www.postfix.org/RESTRICTION_CLASS_README.html > Maybe it's not what I need to setting. I don't have internal email > distribution list, so do not need to protect it. And I don't want to > restrict any user send mail to off-site destinations.
Read it again, that's the right tool. If you study the examples, you'll notice they first check one property, then check another. That's exactly what you need. You're supposed to use those examples to create your own rules that first use a check_client_access map to see if the client is one of your networks, then the result will be a restriction class that calls a check_sender_access map. Example: 192.168.100.0/24 must use @A.example.com 192.168.200.0/24 must use @B.example.com # main.cf smtpd_restriction_classes = from_net_A from_net_B from_net_A = check_sender_access hash:/etc/postfix/require_sender_A reject from_net_B = check_sender_access hash:/etc/postfix/require_sender_B reject smtpd_sender_restrictions = check_client_access cidr:/etc/postfix/enforce_networks.cidr # enforce_networks.cidr 192.168.100.0/24 from_net_A 192.168.200.0/24 from_net_B # require_sender_A A.example.com OK # require_sender_B B.example.com OK -- Noel Jones
