On Sun, Sep 13, 2009 at 02:47:09AM +0000, George Forman wrote:

> I want to set up a postfix server which only takes traffic from
> 'mynetworks'. 

No, a set of clients, authorized to access your server, but not fully
trusted to e.g. relay, hence not "mynetworks".

> For N out of M IP addresses, the postfix server must reject_unauth_destination.

Hence the "N" in question are not in "mynetworks".

> However, for a select few IP addresses in the list, I want the postfix
> server to behave differently.

These (M-N) nodes could get added to "mynetworks".

> I have been reading http://www.postfix.org/SMTPD_ACCESS_README.html
> trying to figure out if it is possible to support this without running
> two separate postfix servers. 

Yes, it is possible to do this in many different ways. Use a CIDR table
to apply different rules to different clients:

    client.cidr:
        192.0.2.0/24    DUNNO
        0.0.0.0/0       reject

    main.cf:
        # This host is fully trusted.
        mynetworks = 192.0.2.1

        smtpd_recipient_restrictions =
            # Boiler-plate
            permit_mynetworks, reject_unauth_destination,
            # Filter out unauthorized (most) clients.
            check_client_access cidr:${config_directory}/client.cidr,
            # additional (sender?) restrictions for 192.0.2.0/24 hosts
            ...

-- 
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
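
An added example, not part of the message above: a small Python model of how the restriction list in that main.cf is walked for one client and one recipient, with first-match lookup in client.cidr. LOCAL_DOMAINS and the sample addresses are constructed assumptions, and the restrictions elided as "..." are not modeled, so a client that passes the CIDR check ends in a plain permit.

```python
import ipaddress

# Tables copied from the message above.
CLIENT_CIDR = [("192.0.2.0/24", "DUNNO"), ("0.0.0.0/0", "reject")]
MYNETWORKS = ["192.0.2.1"]
# Assumption: constructed stand-in for the domains this server accepts mail for.
LOCAL_DOMAINS = {"example.com"}


def cidr_lookup(table, client_ip):
    """Return the action of the first pattern that matches, or None."""
    addr = ipaddress.ip_address(client_ip)
    for pattern, action in table:
        if addr in ipaddress.ip_network(pattern):
            return action
    return None


def evaluate(client_ip, rcpt):
    """Walk the restrictions in order; return (verdict, deciding rule)."""
    addr = ipaddress.ip_address(client_ip)
    # permit_mynetworks: fully trusted hosts stop here and may relay.
    if any(addr in ipaddress.ip_network(n) for n in MYNETWORKS):
        return ("permit", "permit_mynetworks")
    # reject_unauth_destination: everyone else may only send to local domains.
    if rcpt.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS:
        return ("reject", "reject_unauth_destination")
    # check_client_access: DUNNO means "no decision, keep evaluating".
    action = cidr_lookup(CLIENT_CIDR, client_ip)
    if action is not None and action.upper() != "DUNNO":
        return (action.lower(), "check_client_access")
    # The "..." restrictions would run here; with none, the result is permit.
    return ("permit", "end of list")


if __name__ == "__main__":
    # Constructed sample clients and recipients.
    cases = [
        ("192.0.2.1", "user@elsewhere.example"),
        ("192.0.2.50", "user@example.com"),
        ("192.0.2.50", "user@elsewhere.example"),
        ("203.0.113.5", "user@example.com"),
    ]
    for ip, rcpt in cases:
        print(ip, rcpt, *evaluate(ip, rcpt))
```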
