On Mon, Jan 20, 2020 at 10:35:24AM +0100, [email protected] wrote:
> I am configuring a Postfix relay hosted on a cloud provider. I would like
> to allow relay access only to public IPs of my company AND to a precise
> list of senders. Here are my main.cf configurations:
>
> mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24
> smtpd_recipient_restrictions = permit_mynetworks,
>     check_sender_access hash:/etc/postfix/allowed_senders,
>     reject_unauth_destination
>
> allowed_senders is like this:
>
> [email protected] OK
> [email protected] OK
> [email protected] OK

A belt-and-suspenders solution would be:

    mynetworks = 127.0.0.0/8 1.2.3.4/23 4.5.6.7/32 7.8.9.1/24

    # No relaying from untrusted networks
    smtpd_relay_restrictions =
        permit_mynetworks,
        reject_unauth_destination

    # Also, no relaying by unauthorized senders
    smtpd_sender_restrictions =
        check_sender_access hash:/etc/postfix/allowed_senders,
        reject_unauth_destination

    # Apply UCE controls to remote clients
    smtpd_recipient_restrictions =
        permit_mynetworks,
        ... anti-spam rules if any ...

allowed_senders:

    # Just in case, reject relay attempts from untrusted networks
    #
    [email protected]    permit_mynetworks, reject_unauth_destination
    [email protected]    permit_mynetworks, reject_unauth_destination
    [email protected]    permit_mynetworks, reject_unauth_destination

--
Viktor.
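
Added example, not part of the message above and not Postfix code: a small Python model of how the three restriction lists in the reply combine, showing that relaying needs both a trusted client and a listed sender. The sender addresses, the local domain and the exact-match table lookup are constructed simplifications, and the model assumes the default smtpd_delay_reject = yes, so the sender list is evaluated once the recipient is known.

```python
"""Toy model of how Postfix combines smtpd restriction lists (not Postfix code)."""
import ipaddress

# Networks from the thread; strict=False masks off the host bits.
MYNETWORKS = [ipaddress.ip_network(n, strict=False)
              for n in ("127.0.0.0/8", "1.2.3.4/23", "4.5.6.7/32", "7.8.9.1/24")]
# Constructed sample values (assumptions, not taken from the thread).
LOCAL_DOMAINS = {"example.com"}   # stands in for mydestination / relay_domains
LISTED = "permit_mynetworks, reject_unauth_destination"
ALLOWED_SENDERS = {"app1@example.com": LISTED, "app2@example.com": LISTED}

def run_list(restrictions, client, sender, rcpt):
    """Evaluate one restriction list; returns 'PERMIT', 'REJECT' or 'DUNNO'."""
    for r in restrictions:
        if r == "permit_mynetworks":
            if any(ipaddress.ip_address(client) in n for n in MYNETWORKS):
                return "PERMIT"
        elif r == "reject_unauth_destination":
            if rcpt.rsplit("@", 1)[1] not in LOCAL_DOMAINS:
                return "REJECT"
        elif r == "check_sender_access":
            rhs = ALLOWED_SENDERS.get(sender)
            if rhs:  # the table's right-hand side is itself a restriction list
                names = [x.strip() for x in rhs.split(",")]
                verdict = run_list(names, client, sender, rcpt)
                if verdict != "DUNNO":
                    return verdict
    return "DUNNO"

def accepts(client, sender, rcpt):
    """A recipient is accepted only if no list rejects.

    PERMIT ends the list it occurs in; the remaining lists are still evaluated.
    """
    lists = [
        ["check_sender_access", "reject_unauth_destination"],  # smtpd_sender_restrictions
        ["permit_mynetworks", "reject_unauth_destination"],    # smtpd_relay_restrictions
        ["permit_mynetworks"],                                 # smtpd_recipient_restrictions
    ]
    return all(run_list(lst, client, sender, rcpt) != "REJECT" for lst in lists)

if __name__ == "__main__":
    for case in [("1.2.3.9", "app1@example.com", "user@remote.test"),
                 ("1.2.3.9", "other@example.com", "user@remote.test"),
                 ("203.0.113.5", "app1@example.com", "user@remote.test"),
                 ("203.0.113.5", "someone@outside.test", "user@example.com")]:
        print(case, "->", "accept" if accepts(*case) else "reject")
```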