Re: Accept mail only from certain domains for one of many domains.

Tue, 22 Jun 2010 15:50:36 -0700 

Philippe Chaintreuil a écrit :
> Hello all,
> 
>       I have a some what convoluted setup that I'd like to make a
> modification to, and was looking for some pointers.
> 
> The Long-winded situation:
> 
>       I run a small host that servers as a mail server for multiple domains
> (about 25).  All but one of these is a fairly standard setup using
> virtual_alias_domains + virtual_alias_maps +
> 
> -----------------------------------------------------------------------
> smtpd_recipient_restrictions =
>         check_client_access hash:/etc/postfix/helo_client_exceptions,
>         check_sender_access hash:/etc/postfix/sender_checks,
>         reject_invalid_hostname,
>         permit_sasl_authenticated,
>         reject_non_fqdn_hostname,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_recipient,
>         reject_unknown_sender_domain,
>         reject_unknown_recipient_domain,
>         permit_mynetworks,
>         reject_unauth_destination,
> # Check with sqlgrey.
>         check_policy_service inet:127.0.0.1:2501
>         check_client_access hash:/etc/postfix/rbl_client_exceptions,
>         reject_rbl_client cbl.abuseat.org,
>         reject_rbl_client sbl-xbl.spamhaus.org,
>         reject_rbl_client bl.spamcop.net,
>         reject_rhsbl_sender dns.rfc-ignorant.org
> 
> mynetworks = 192.168.0.0/16 127.0.0.0/8 64.18.0.0/20
> # Note: 64.18.0.0/20 is Postini.
> -----------------------------------------------------------------------
> 
>       The one odd-ball domain, however, pays Postini to filter their mail,
> which is included in "mynetworks". 

not the best you can do. mynetworks can relay, which postini don't need
to. use a check_client_access instead... see below.

> The Postini domain's MX records all
> point to Postini servers.
> 
> The QUESTION:
>       Is there a way to get just this domain to only accept messages from
> Postini + other virtual domains on this server (I guess this is likely
> just "mynetworks"), while all the others continue to accept "valid"
> messages from "anyone" (as above)?
> 

you can use smtpd_restriction_classes.

smtpd_restriction_classes =
        ...
        postini_protected

smtpd_client_restrictions =
        check_recipient_access hash:/etc/postfix/postini_domains.hash

postini_protected =
        check_client_access cidr:/etc/postfix/postini.cidr
        reject


== postini_domains.hash
example.com     postini_protected


== postini.cidr
10.1.2.0/24     OK
...

Reply via email to