Re: Upon IP address, restrict sending destination.

Jacky Chan Mon, 19 Jan 2009 18:33:50 -0800

Noel Jones-2 wrote:
> 
> Jacky Chan wrote:
>> Dear All,
>> 
>> As subject. Does the following configuration meet the subject?
>> 192.168.1.55 and 192.168.1.56 can only send mail to subdomain1.abc.com,
>> subdomain2.abc.com            
>> And others IP in 192.168.1.0/24 can send mail to subdomain1.abc.com,
>> subdomain2.abc.com and outsiders, is that achieved by the following
>> configuration?
>> 
>> #/etc/postfix/main.cf
>> mynetworks = hash:/etc/postfix/access
>> smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
>> smtpd_recipient_restrictions = permit_mynetworks,
>> reject_unauth_destination
>> 
>> smtpd_restriction_classes = local_only
>> local_only = check_recipient_access hash:/etc/postfix/local_domains,
>> reject
>> 
>> # /etc/postfix/access
>> 192.168.1.55       REJECT
>> 192.168.1.56       REJECT
>> 192.168.1.0/24    OK
>> 
>> # /etc/postfix/local_only
>> subdomain1.abc.com            OK
>> subdomain2.abc.com            OK
>> 
> 
> No, the above will not work, there are multiple errors.
> 
> Use the example I sent you earlier, and read the documentation 
> for mynetworks I pointed out to you in the earlier mail.
> 
> Feel free to ask any question you may have about using 
> mynetworks, but don't make up your own syntax.
> 
> For your stated problem you do not need 
> smtpd_restriction_classes, nor an access map.  The mynetworks 
> parameter is intended exactly for what you have asked for.
> 
> -- 
> Noel Jones
> 
> 

Yeap, I finally got your idea. And I don't expect that is such easy to
configure.
Indeed for mynetwork parameter, I do have a list of IP to be restricted so I
want it to be located on an external file but not in main.cf
As advised by Magnus, how do I create the external iplist.cidr

# main.cf
mynetworks = cidr:/etc/postfix/iplist.cidr

# /etc/postfix/iplist.cidr

!192.168.1.1       
!192.168.1.2
192.168.1.3
!192.168.0.0/16

In iplist.cidr, how about I don't supply the result, such as OK or REJECT?
Is that OK?

I should have 192.168.1.1, 192.168.0.0 and 192.168. whole network not be
trusted to send mail which doesn't contain in mydestination (simply
speaking)

And 192.168.1.3 should be trusted to send mail either in mydestination or
not.

Best,
Jacky


-- 
View this message in context: 
http://www.nabble.com/Upon-IP-address%2C-restrict-sending-destination.-tp21536576p21555930.html
Sent from the Postfix mailing list archive at Nabble.com.
Re: Upon IP address, restrict sending destination.

Reply via email to
