hello guys

after a tedious and unsuccessful search in the archive list, a lot of documents and notes stored over the years on my hdd and in old (paper) notebooks, besides a lot of searches on the internet, i must surrender to the fact that i can do this without help

i must prepare a postfix server with some specific requirements, the 2 with trouble are:
- only the boss and sales people cant send/receive from outside, the other employees are allowed email only inside the company
- SPF must be checked

it is really easy to fulfill any of them separately, but no matter what i have done, they don't work the way i need with both of them. these 2 can be implemented very easily with postfwd and postfix-policyd-spf [perl or python version]

is it possible to use two lines with check_policy_service without going into an open-relay condition?
can somebody help me?

this is the last config tested


the postfwd.cf  (relevant parts)

id=rule-011 ; sender_domain=this_office.company.tld ; client_address = !! 192.168.169.0/24 ; action=REJECT Not in my name please
id=rule-020 ; sender_domain= company.tld ; recipient_domain=this_office.company.tld ; action=OK
id=rule-021 ; recipient_domain=company.tld; sender_domain=this_office.company.tld ; action=OK
id=rule-031 ; sender== salesmen1@this_office.company.tld; action=OK
id=rule-032 ; recipient==salesmen1@this_office.company.tld; action=OK
....
# the same for the other salesmen and the boss

id=rule-800 ; sender_domain=this_office.company.tld ; recipient_domain==!!(.office.company.tld) ; action=REJECT
id=rule-801 ; recipient_domain=this_office.company.tld ; sender_domain==!!(.office.company.tld) ; action=REJECT


i must insert the postfwd check ( check_policy_service inet:127.0.0.1:10040 ) but where ?

from main.cf

mynetworks = 127.0.0.1/8
.....
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  reject_unlisted_recipient,
  reject_unauth_destination,
  check_sender_access hash:/etc/postfix/access,
  check_policy_service unix:private/policy-spf

i'm aware of the existence of other ways to implement the restriction on sender/recipient and have tried some, but they fail the same way for what is needed.

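The following is an added example, not part of the original post and not code from Postfix or postfwd: a simplified Python model of how Postfix walks smtpd_recipient_restrictions (the first reply other than DUNNO ends the list). It shows why the position of the postfwd line and the action its rules return decide both the open-relay question and whether the SPF service is reached. It assumes relay control lives only in smtpd_recipient_restrictions, as in the posted main.cf; the addresses, messages and the reduced postfwd rule set are constructed.

```python
# Added example: simplified model of Postfix first-match evaluation of
# smtpd_recipient_restrictions. Addresses, messages and rules are constructed.
LOCAL = "this_office.company.tld"
MAY_USE_OUTSIDE = {"salesmen1@" + LOCAL}  # stand-in for the boss/sales rules

def is_local(addr):
    return addr.rsplit("@", 1)[-1] == LOCAL

def permit_sasl_authenticated(m):
    return "OK" if m["sasl"] else "DUNNO"

def reject_unauth_destination(m):
    return "DUNNO" if is_local(m["rcpt"]) else "REJECT"

def policy_spf(m):
    # Stand-in for postfix-policyd-spf: only a pass/fail result is modelled.
    return "DUNNO" if m["spf_pass"] else "REJECT"

def make_postfwd(allow_action):
    # Reduced stand-in for rules 031/032 and 800/801; allow_action is what the
    # boss/sales rules return ("OK" as posted, or "DUNNO").
    def postfwd(m):
        if m["sender"] in MAY_USE_OUTSIDE or m["rcpt"] in MAY_USE_OUTSIDE:
            return allow_action
        if is_local(m["sender"]) != is_local(m["rcpt"]):
            return "REJECT"  # one side inside the office, the other outside
        return "DUNNO"
    return postfwd

def evaluate(restrictions, m):
    """Return (verdict, deciding check); the first non-DUNNO reply ends the list."""
    for check in restrictions:
        verdict = check(m)
        if verdict != "DUNNO":
            return verdict, check.__name__
    return "OK", "end of list"

def msg(sender, rcpt, sasl, spf_pass):
    return {"sender": sender, "rcpt": rcpt, "sasl": sasl, "spf_pass": spf_pass}

# Constructed messages: unauthenticated forged sender, inbound SPF failure, clerk.
FORGED_RELAY = msg("salesmen1@" + LOCAL, "x@other.example", False, False)
INBOUND_SPF_FAIL = msg("a@spoofed.example", "salesmen1@" + LOCAL, False, False)
CLERK_OUTBOUND = msg("clerk@" + LOCAL, "x@other.example", True, True)

# Three orderings of the same checks.
OK_FIRST = [make_postfwd("OK"), permit_sasl_authenticated, reject_unauth_destination, policy_spf]
OK_LATE = [permit_sasl_authenticated, reject_unauth_destination, make_postfwd("OK"), policy_spf]
DUNNO_FIRST = [make_postfwd("DUNNO"), permit_sasl_authenticated, reject_unauth_destination, policy_spf]
print(evaluate(OK_FIRST, FORGED_RELAY), evaluate(DUNNO_FIRST, FORGED_RELAY))
```

In this model an OK returned ahead of reject_unauth_destination accepts the unauthenticated forged message for relay, and an OK returned after it still ends the list before the SPF service is asked. With DUNNO as the allow action, the list continues through relay control and SPF while the REJECT rules still apply to the other employees.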