>* Matt <nuk...@besonet.ch>: >> >> >> First of all, thank you for reading this! I have the following >> >> >> two goals: >> >> >> To a) only allow relaying mail when SASL authenticated, and b) to only >> >> >> accept local (virtual) domains in the "MAIL FROM" address when >> >> >> relaying. >> >> > >> >> >Read into $smtpd_sender_login_maps. >> >> > >> >> >p@rick >> >> >> >> Thank you for the fast reply. I've had a look at that but basically every >> >> sender has the same allowed domains, which is all of the local (virtual) >> >> domains. Is there a way to tell this to postfix without listing every >> >> single >> >> domain for every single SASL user? >> > >> >If you take envelope sender restrictions seriously, no. >> >It's a job for a script. >> > >> >p@rick >> >> Ok, thanks. I'll see if I can do something with "check_policy_service" then. > >Sounds as if you are going to reimplement an already existing functionality. > >p@rick >
I hope not. The approach would be to check if the domain part of "MAIL FROM" matches a certain set of IPs and otherwise reject, but only if the user is authenticated. For the unauthenticated case the rules already work fine. - Matt
