Magnus Bäck wrote: > > On Monday, January 19, 2009 at 05:11 CET, > Jacky Chan <jac...@wkg1.umac.mo> wrote: > >> As subject. Does the following configuration meet the subject? >> 192.168.1.55 and 192.168.1.56 can only send mail to subdomain1.abc.com, >> subdomain2.abc.com >> And others IP in 192.168.1.0/24 can send mail to subdomain1.abc.com, >> subdomain2.abc.com and outsiders, is that achieved by the following >> configuration? > > No. Noel has already posted a working configuration where you list the > non-relaying IP addresses in mynetworks. This will allw 192.168.1.5[56] > to send to all domains managed by you, but perhaps this is enough? > >> #/etc/postfix/main.cf >> mynetworks = hash:/etc/postfix/access > > Must be: cidr:/etc/postfix/access > >> smtpd_client_restrictions = check_client_access hash:/etc/postfix/access >> smtpd_recipient_restrictions = permit_mynetworks, >> reject_unauth_destination >> >> smtpd_restriction_classes = local_only >> local_only = check_recipient_access hash:/etc/postfix/local_domains, >> reject >> >> # /etc/postfix/access >> 192.168.1.55 REJECT >> 192.168.1.56 REJECT >> 192.168.1.0/24 OK >> >> # /etc/postfix/local_only >> subdomain1.abc.com OK >> subdomain2.abc.com OK > > No, this is backwards (and there's a filename mismatch -- local_domains > vs. local_only). See the example at [1] but replace check_sender_access > with check_client_access. > > Also, you probably don't want to return OK for 192.168.1.0/24. That > means that all restrictions listed after your check_client_access > restriction will be bypassed, and this is probably not what you want. > > [1] http://www.postfix.org/RESTRICTION_CLASS_README.html#external > > -- > Magnus Bäck > mag...@dsek.lth.se > >
Hi, Magnus. Thank you very much for your advise and I changed the configuration as below. Would you mind to have a look and please point out what I missed. I highlighted the modification in BOLD. #/etc/postfix/main.cf mynetworks = cidr:/etc/postfix/access smtpd_client_restrictions = check_client_access cidr:/etc/postfix/access smtpd_recipient_restrictions = check_client_access cidr:/etc/postfix/access,permit_mynetworks, reject_unauth_destination smtpd_restriction_classes = local_only local_only = check_recipient_access hash:/etc/postfix/local_domains, reject # /etc/postfix/access 192.168.1.55 REJECT 192.168.1.56 REJECT 192.168.1.0/24 RELAY # /etc/postfix/local_domains subdomain1.abc.com OK subdomain2.abc.com OK -- View this message in context: http://www.nabble.com/Upon-IP-address%2C-restrict-sending-destination.-tp21536576p21537917.html Sent from the Postfix mailing list archive at Nabble.com.
