Hello all,
What I am trying to do is whitelist CIDR ranges stored in a MySQL database and
fall back to SMTP auth for the IP addresses that did not match. This is the
pseudocode:
    if (client_ip in whitelist_mysql_cidr_ranges) { accept }
    else if (sender is smtp_authenticated) { accept }
    else { reject }
For individual IP addresses (key-value tables) I would use something like this:
    smtpd_relay_restrictions = permit_mynetworks,
        check_client_access mysql:/etc/postfix/mysql_whitelist.conf,
        permit_sasl_authenticated, reject
Since Postfix can only use CIDR with local files, I use a milter (MIMEDefang)
to do the CIDR whitelist part, but milters and restriction classes seem to be two
separate mechanisms, so this configuration isn't possible, am I right?
The only way seems to be to use a different port with a submission service
configured.
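
The decision in the pseudocode above, written out as an added Python example (not part of the original post, and not Postfix or MIMEDefang code). The function names and the sample rows are hypothetical; the rows stand in for CIDR strings read from the MySQL table, and unparsable rows are set aside so they can never match.

```python
import ipaddress

# Constructed sample rows, standing in for the CIDR column of the MySQL table.
SAMPLE_ROWS = ["192.0.2.0/24", "2001:db8:10::/48", "198.51.100.7/32",
               "10.0.0.1/8",      # host bits set: treated as a bad row
               "not-a-cidr"]


def load_networks(rows):
    """Parse CIDR strings; return (networks, bad_rows).

    Bad rows are reported, never widened or matched (fail closed)."""
    networks, bad = [], []
    for row in rows:
        try:
            networks.append(ipaddress.ip_network(row.strip(), strict=True))
        except ValueError:
            bad.append(row)
    return networks, bad


def normalise(client_ip):
    """Return an address object, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def decide(client_ip, sasl_username, networks):
    """accept if the client is in a whitelisted range, else accept only
    when the sender authenticated, else reject."""
    try:
        addr = normalise(client_ip)
    except ValueError:
        addr = None  # unparsable client address: cannot be whitelisted
    if addr is not None and any(
            addr.version == net.version and addr in net for net in networks):
        return "accept"
    if sasl_username:
        return "accept"
    return "reject"


if __name__ == "__main__":
    nets, bad = load_networks(SAMPLE_ROWS)
    print("ignored rows:", bad)
    for ip, user in [("192.0.2.55", ""), ("203.0.113.9", "alice"),
                     ("203.0.113.9", ""), ("::ffff:192.0.2.55", "")]:
        print(ip, user or "-", decide(ip, user, nets))
```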