On Monday, January 19, 2009 at 05:11 CET,
     Jacky Chan <jac...@wkg1.umac.mo> wrote:

> As subject. Does the following configuration meet the subject?
> 192.168.1.55 and 192.168.1.56 can only send mail to subdomain1.abc.com,
> subdomain2.abc.com
> And other IPs in 192.168.1.0/24 can send mail to subdomain1.abc.com,
> subdomain2.abc.com and outsiders, is that achieved by the following
> configuration?

No. Noel has already posted a working configuration where you list the
non-relaying IP addresses in mynetworks. This will allow 192.168.1.5[56]
to send to all domains managed by you, but perhaps this is enough?

> #/etc/postfix/main.cf
> mynetworks = hash:/etc/postfix/access

Must be: cidr:/etc/postfix/access

> smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
> 
> smtpd_restriction_classes = local_only
> local_only = check_recipient_access hash:/etc/postfix/local_domains, reject
> 
> # /etc/postfix/access
> 192.168.1.55       REJECT
> 192.168.1.56       REJECT
> 192.168.1.0/24    OK
> 
> # /etc/postfix/local_only
> subdomain1.abc.com            OK
> subdomain2.abc.com            OK

No, this is backwards (and there's a filename mismatch -- local_domains
vs. local_only). See the example at [1] but replace check_sender_access
with check_client_access.

Also, you probably don't want to return OK for 192.168.1.0/24. That
means that all restrictions listed after your check_client_access
restriction will be bypassed, and this is probably not what you want.

[1] http://www.postfix.org/RESTRICTION_CLASS_README.html#external

-- 
Magnus Bäck
mag...@dsek.lth.se
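
Added example, not part of the original message or of the Postfix documentation: a sketch of the layout the reply points to, following the pattern at [1] with check_client_access in place of check_sender_access. The table name restricted_clients and the literal mynetworks value are assumptions taken from the addresses in the question.

```ini
# /etc/postfix/main.cf
# Assumption: the LAN is listed directly instead of via a lookup table.
mynetworks = 192.168.1.0/24

# The class is only evaluated for clients that the access table maps to it.
smtpd_restriction_classes = local_only
local_only =
    check_recipient_access hash:/etc/postfix/local_domains,
    reject

# The client lookup comes first, so the two restricted hosts never reach
# permit_mynetworks. Clients not in the table get no result from the lookup
# and fall through to the normal relay rules.
smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/restricted_clients,
    permit_mynetworks,
    reject_unauth_destination

# /etc/postfix/restricted_clients  (hypothetical file name)
# Right-hand side is the restriction class name, not OK or REJECT.
192.168.1.55    local_only
192.168.1.56    local_only

# /etc/postfix/local_domains
# Recipient domains the restricted hosts may send to; anything else hits
# the trailing "reject" in the class.
subdomain1.abc.com    OK
subdomain2.abc.com    OK

# Rebuild the hash tables after editing either file:
#   postmap /etc/postfix/restricted_clients
#   postmap /etc/postfix/local_domains
```

The rest of 192.168.1.0/24 is deliberately absent from restricted_clients: an OK entry there would permit the request before any later restriction is evaluated.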
