On 7 Feb 2021, at 12:52, Marek Kozlowski wrote:

> :-)
>
> On 2/7/21 6:34 PM, Benny Pedersen wrote:
>> On 2021-02-07 18:28, Marek Kozlowski wrote:
>>> Mail from 192.168.3/24 with sender's address 'sth3.tld' should be
>>> accepted even if the user is not authenticated, and rejected without
>>> authentication for other CIDR blocks.
>>
>> add 192.168.0.0/16 to mynetworks
>>
>> you show bogus logs btw
>
> No!
>
> "Mail from 192.168.1/24 with sender's address 'sth1.tld' should be
> accepted even if the user is not authenticated, and rejected without
> authentication for other CIDR blocks. "
>
> Mail from 192.168.1/24 should be accepted for 'sth1.tld' but not for
> 'sth2.tld'!
>
> I need something more flexible, more restrictive in comparison to
> 'permit_mynetworks'. I don't want to consider some CIDR trusted,
> privileged hosts at all. I just want to say: unauthorized email with
> this domainname (exactly this one!) address should be accepted if it
> goes from this (exactly this one!) IP range and should be
> unconditionally rejected in all other cases.

You need to use a custom restriction class for this. See
http://www.postfix.org/RESTRICTION_CLASS_README.html
Something like:

smtpd_restriction_classes = localnets, othernets
localnets = permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/localdomains,
    reject_unauth_destination
othernets = permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = [...] check_client_access
    cidr:/etc/postfix/client_nets, [...]

/etc/postfix/localdomains:

# access(5) sender lookups match on the bare domain; run postmap after editing
sth1.tld permit
sth2.tld dunno

/etc/postfix/client_nets:

# cidr tables are searched in order, first match wins
192.168.1.0/24 localnets
0.0.0.0/0 othernets

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
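
An added example, not part of the message above and not Postfix code: a small Python model of how the two restriction classes are evaluated, so the policy can be checked against constructed client/sender/recipient cases before it goes into main.cf. HANDLED_DOMAINS and the test addresses are assumptions, and the model covers only bare-domain sender keys and the three restrictions named in the message.

```python
import ipaddress

# Constructed copies of the two lookup tables from the message (bare-domain keys).
CLIENT_NETS = [("192.168.1.0/24", "localnets"), ("0.0.0.0/0", "othernets")]
LOCALDOMAINS = {"sth1.tld": "permit", "sth2.tld": "dunno"}
CLASSES = {
    "localnets": ["permit_sasl_authenticated", "check_sender_access",
                  "reject_unauth_destination"],
    "othernets": ["permit_sasl_authenticated", "reject_unauth_destination"],
}
# Assumption: domains this server is final destination or relay for.
HANDLED_DOMAINS = {"sth1.tld", "sth2.tld"}


def client_class(ip):
    """cidr: tables are searched in order; the first matching network wins."""
    addr = ipaddress.ip_address(ip)
    for net, cls in CLIENT_NETS:
        if addr in ipaddress.ip_network(net):
            return cls
    return None  # e.g. an IPv6 client: no entry matches, no class is applied


def decide(ip, sender, rcpt, authenticated=False):
    """Return 'permit', 'reject' or 'dunno' (fall through to later restrictions)."""
    for step in CLASSES.get(client_class(ip), []):
        if step == "permit_sasl_authenticated" and authenticated:
            return "permit"
        if step == "check_sender_access":
            action = LOCALDOMAINS.get(sender.rpartition("@")[2].lower(), "dunno")
            if action != "dunno":
                return action
        if step == "reject_unauth_destination":
            if rcpt.rpartition("@")[2].lower() not in HANDLED_DOMAINS:
                return "reject"
    return "dunno"


if __name__ == "__main__":
    # Constructed test cases: (client IP, envelope sender, recipient), unauthenticated.
    cases = [("192.168.1.10", "a@sth1.tld", "x@example.org"),
             ("192.168.1.10", "a@sth2.tld", "x@example.org"),
             ("10.9.8.7", "a@sth1.tld", "x@example.org"),
             ("10.9.8.7", "a@sth1.tld", "b@sth1.tld")]
    for ip, sender, rcpt in cases:
        print(ip, sender, "->", rcpt, ":", decide(ip, sender, rcpt))
```

The last case returns dunno rather than reject: reject_unauth_destination only rejects recipients in domains the server does not handle, so mail with a sth1.tld sender arriving from outside 192.168.1.0/24 for a handled domain is decided by whatever restrictions follow.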