On Wed, Aug 24, 2022 at 04:08:29PM +0300, Ivars Strazdins wrote:
> I know that it is possible to protect [email protected] from external
> senders, as per https://www.postfix.org/RESTRICTION_CLASS_README.html
>
> But is it possible to limit users from the same domain who can send
> mails to an internal email distribution list?
>
> In other words, is it possible to setup Postfix so that
> [email protected] CAN send an email to [email protected],
> [email protected] CANNOT send an email to [email protected]
Yes, but only against accidents, not against sophisticated users
determined to send mail to the list.
Just make sure that the rules restricting access to the list precede
the rules that allow in general (e.g. permit_mynetworks, ...).
Use "smtpd_relay_restrictions" to prevent open-relay abuse, and
then in "smtpd_recipient_restrictions" enforce the list-specific
rules early.
main.cf:
indexed = ${default_database_type}:${config_directory}/
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_restriction_classes = list_access
list_access =
check_sender_access ${indexed}list-sender,
reject
smtpd_recipient_restrictions =
check_recipient_access ${indexed}rcpt-access,
...
rcpt-access:
[email protected] list_access
list-sender:
# List the permitted senders
[email protected] OK
--
Viktor.
