On 04/29/2011 05:34 AM, Jurvis LaSalle wrote:
In the docs here: http://www.postfix.org/RESTRICTION_CLASS_README.html#external

/etc/postfix/main.cf:
        smtpd_recipient_restrictions =
                check_sender_access hash:/etc/postfix/restricted_senders
                ...other stuff...
Is this a typo or can you use check_sender_access with 
smtpd_recipient_restrictions?

All restrictions are valid where the documentation indicates they are valid.

The smtpd_mumble_restrictions are applied to different stages of the SMTP transaction: connect, HELO, mail from, rcpt to, data.

Since the sender address is known at the rcpt to stage, it is valid to check the sender at that point.
This allows one to do such things as:

smtpd_recipient_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/bad_senders, permit

If /etc/postfix/bad_senders contains the following:

    bad_user    REJECT You're bad!

This means that that sender can send mail only when he connects from a client in $mynetworks.
From anywhere else he will be refused.

Postfix' access model allows enormous flexibility in what you accept or reject.


For simple setups it is often recommended to put all your restrictions in smtpd_recipient_restrictions for ease of maintenance, but as you can see the above could be made arbitrarily complex by putting different restrictions at different stages.



--
J.

Reply via email to