Hi Ansgar, Thank you. It worked like a charm.
On Wed, 6 Jan 2021 at 16:16, Ansgar Wiechers <li...@planetcobalt.net> wrote: > On 2021-01-06 Burn Zero wrote: > > I need to restrict outbound email to the internet by client IP. i.e. > > if an IP is in a blocked list, it should only be allowed to be sent to > > local domains. Is this possible? Please advise. > > > > I read http://www.postfix.org/RESTRICTION_CLASS_README.html but it is > > only using the usernames and not the IP address. > > Using check_client_access instead of check_sender_access should do what > you want: > > ----8<---- > # /etc/postfix/main.cf > ... > smtpd_recipient_restrictions = > permit_mynetworks > permit_sasl_authenticated > reject_unauth_destination > ... > check_client_access cidr:/etc/postfix/restricted_clients.cidr > ... > > smtpd_restriction_classes = local_only > local_only = > check_recipient_access hash:/etc/postfix/local_domains > reject > ... > ---->8---- > > ----8<---- > # /etc/postfix/restricted_clients.cidr > 192.168.23.42 local_only > 192.168.17.0/24 local_only > ... > ---->8---- > > ----8<---- > # /etc/postfix/local_domains > foo.example.org OK > bar.example.org OK > ... > ---->8---- > > Regards > Ansgar Wiechers > -- > "All vulnerabilities deserve a public fear period prior to patches > becoming available." > --Jason Coombs on Bugtraq >
