Im having a hard time copying something I did in qmail (using some random patch).
Ive got four postfix instances, two used exclusively for submission (all outbound email from us), two as mxers (all inbound email, primary then forwards to an old qmail/vpopmail setup). Im looking to have a list of staff/role accounts defined and limit those senders to only be able to reach the mxers via the submission hosts. Example: sender: supp...@example.com recipient: any...@example.com connecting IP (from mxer’s view): either of our submission servers action: accept vs. sender: supp...@example.com recipient: any...@example.com connecting IP (from mxer’s view): not either of our submission servers action: reject vs. sender: randomcusto...@example.com recipient: any...@example.com connecting IP (from mxer’s view): not either of our submission servers action: accept I can block senders, I can block hosts, but Im not clear on how to combine the two criteria. The last example is something I dont want to support, but we do have people relaying through their own ISP and using a (legit) sender address from our domain. This also keeps me from effectively using SPF, and I dont see this policy changing anytime soon. Can someone point me to the right section of the docs? Thanks, Charles ps - for the curious, qmails badmailfromnorelay patch lets you combine a list of senders that are banned only if the RELAYCLIENT env var is not set.
