On Wed, Aug 24, 2022 at 04:08:29PM +0300, Ivars Strazdins wrote:
> I know that it is possible to protect l...@domain.com from external
> senders, as per https://www.postfix.org/RESTRICTION_CLASS_README.html
>
> But is it possible to limit users from the same domain who can send
> mails to an internal email distribution list?
>
> In other words, is it possible to setup Postfix so that
> us...@domain.com CAN send an email to l...@domain.com,
> us...@domain.com CANNOT send an email to l...@domain.com
Yes, but only against accidents, not against sophisticated users
determined to send mail to the list.
Just make sure that the rules restricting access to the list precede
the rules that allow in general (e.g. permit_mynetworks, ...).
Use "smtpd_relay_restrictions" to prevent open-relay abuse, and
then in "smtpd_recipient_restrictions" enforce the list-specific
rules early.
main.cf:
indexed = ${default_database_type}:${config_directory}/
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_restriction_classes = list_access
list_access =
check_sender_access ${indexed}list-sender,
reject
smtpd_recipient_restrictions =
check_recipient_access ${indexed}rcpt-access,
...
rcpt-access:
l...@example.com list_access
list-sender:
# List the permitted senders
us...@example.com OK
--
Viktor.
