Am 23.09.2014 um 09:28 schrieb CSS: > Im having a hard time copying something I did in qmail (using some > random patch). > > Ive got four postfix instances, two used exclusively for submission > (all outbound email from us), two as mxers (all inbound email, > primary then forwards to an old qmail/vpopmail setup). > > Im looking to have a list of staff/role accounts defined and limit > those senders to only be able to reach the mxers via the submission > hosts. > > Example: > > sender: supp...@example.com > recipient: any...@example.com > connecting IP (from mxer’s view): either of our submission servers > action: accept > > vs. > > sender: supp...@example.com > recipient: any...@example.com > connecting IP (from mxer’s view): not either of our submission servers > action: reject > > vs. > > sender: randomcusto...@example.com > recipient: any...@example.com > connecting IP (from mxer’s view): not either of our submission servers > action: accept > > I can block senders, I can block hosts, but Im not clear on how to > combine the two criteria. > > The last example is something I dont want to support, but we do have > people relaying through their own ISP and using a (legit) sender > address from our domain. This also keeps me from effectively using > SPF, and I dont see this policy changing anytime soon. > > Can someone point me to the right section of the docs? > > Thanks, > > Charles > > ps - for the curious, qmails badmailfromnorelay patch lets you > combine a list of senders that are banned only if the RELAYCLIENT > env var is not set. >
perhaps this helps http://www.postfix.org/RESTRICTION_CLASS_README.html or you try some policy server Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
